On Mon, Dec 17, 2018 at 2:37 PM Paul Wouters <[email protected]> wrote: > On Mon, 17 Dec 2018, Wes Hardaker wrote: > > > cons: > > - not everyone controls their reverse zone easily, especially for those > > that don't hold at least a /24 allocation. Ironically, I fall into > > this camp but still think this is a better solution than a name-based > one. > > - requires more lookups > > Your ISP should support Classless Delegations, RFC 2317 > > https://tools.ietf.org/html/rfc2317 > > I have deployed this successfully. >
Is that a "should" or "SHOULD"? 'cos it certainly isn't a MUST :-P I've tried contacting my ISPs over the years, and the responses have been: 1: "OK, click Start, then Shutdown... Now press the power key and and we'll wait for it to boot" 2: "What? Um. Have you tried turning it off and on again?" 3: "What? Huh. Nope, never heard of that." 4: "You are a dynamic customer. We cannot do anything like that for dynamic customers... Sorry, no we don't do static IPs for residential. Oh! You have a static subnet routed to you?! Weird, I didn't know we did that... " 5: "Yes, we have plans to support IPv6 in the future...." [no idea what that has to do with anything ] 6: "We don't allow users to run servers, and so there is no need for you to have reserve DNS". Perhaps you've just been lucky and gotten an ISP which sucks less? W > > > - requires the reverse tree for that address be fully signed > > That might be tricker, if your upstream ISP does not believe in DNSSEC > signing. > > Paul > > _______________________________________________ > dns-privacy mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dns-privacy > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
