To:
Robert Elz <kre@munnari.OZ.AU>
Cc:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, Jun-ichiro itojun Hagino <itojun@iijlab.net>, Pekka Savola <pekkas@netcore.fi>, dnsop@cafax.se
From:
Brad Knowles <brad.knowles@skynet.be>
Date:
Sat, 23 Nov 2002 04:55:49 +0100
In-Reply-To:
<2305.1038017721@munnari.OZ.AU>
Reply-By:
Wed, 1 Jan 1984 12:34:56 +0100
Sender:
owner-dnsop@cafax.se
Subject:
Re: comments on dnsop-ipv6-dns-issues-00
At 1:15 PM +1100 2002/11/23, Robert Elz wrote:
> Yes, that one is an important advantage. It would seem though that
> there ought to be some rather simpler way of advertising assignments so
> everyone can tell the address that they have been told is in fact assigned
> to them, and to no-one else.
Problem is, the people who manage the name-space may not be the
same people who manage the IP-space. I can manage many domains, run
the nameservers myself, etc...
But I have to get IP addresses from somewhere, and unless I'm a
big company or other organization and can get IP addresses assigned
to me directly by RIPE, ARIN, or other comparable organization, I
have to get them from my IP provider.
That IP provider may or may not choose to delegate to me the
management of the portion of IP space that they have allocated for my
use. Moreover, that space might be dynamically allocated, and change
each time I log on and back off again.
This is why organizations like DynDNS.org have been created.
Even crypto won't help you here, because it would the respective
keys of the owners of that portion of space, and in one case it would
be the key of the owner of the name-space and in the other it would
be the key of the owner of the IP-space.
> Managing the entire in-addr.arpa tree just
> for that would be way overkill.
It does seem excessive, yes. However, I don't see a better
solution. If you can come up with a better solution, I'm sure we'd
be willing to discuss the matter with you.
However, this is a problem that people have been working on for
quite some time, and so far as I know, no better solution has been
proposed. Therefore, until you can come up with something better, or
at least some ideas of things to think about, I believe that we must
assume that reverse DNS is here to stay.
At the very least, I believe that we should make these separate
discussions, and not let this issue cloud or slow down the discussion
on things we're supposed to be here to talk about.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.