Re: comments on dnsop-ipv6-dns-issues-00

[Robert Elz <kre@munnari.OZ.AU>]

    Date:        Fri, 22 Nov 2002 23:46:00 +0859 ()
    From:        Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
    Message-ID:  <200211221446.XAA01718@necom830.hpcl.titech.ac.jp>

  | There are multiple DNS servers.

Yes, but most of the time (and especially for in-addr.arpa) they're all
clumped at the same location - if one is reachable, they all are.  The only
reason there's more than one is in case one has crashed.   And of course, not
only do the servers for the final in-addr.arpa zone itself need to be 
reachable, the whole tree down to it needs to be as well.

  | Moreover, you must, anyway, rely on DNS for forward lookup.

Yes, but that's not what is being done (and forward zones, down the tree,
tend to be better distributed).

  | Source host is, source address of the host may not.

Of course, but if the address is bogus/spoofed, then obtaining its name is
useless - all you're getting is the name of some host that isn't the one
that sent the packet.   Having that fail because the address given doesn't
work is harmless.

  | The primary benefit of having a reverse tree is that the tree makes
  | address assignement unique.

Yes, that one is an important advantage.   It would seem though that
there ought to be some rather simpler way of advertising assignments so
everyone can tell the address that they have been told is in fact assigned
to them, and to no-one else.   Managing the entire in-addr.arpa tree just
for that would be way overkill.

  | v6 people including itojun persistently assume it, for example, for
  | such topics as a source address selection.

Fine - when something is being discussed, where that assumption has been
incorrectly made, and it actually matters, then point it out - but there's no
need to add it to every discussion that relates to addresses.

kre

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.