- Kevin
Jessica Little wrote:
<2cents>
Start anew?!?...
IMO, There's been a lot of progress, IPv6 wrt DNS, etc., Unfortunately, the Foo Factor, can manifest itself at all levels and stages
of the process... and cannot be always avoided by starting over...
</2cents>
JL
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Darcy Sent: Friday, March 21, 2003 12:44 PM To: [EMAIL PROTECTED] Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doingreverse for IPv6.
Brad Knowles wrote:
At 6:18 PM -0500 2003/03/20, Kevin Darcy wrote:
So, we should break reverse DNS just so that r-commands don't work? Excuse me?!? Do you recommend killing the patient just so that you don't have to deal with their hangnail problem?!?You claim that reverse DNS causes harm. Can you provide evidenceThe (un-Kerberized) versions of the "r-series" commands harm security
for this claim?
infrastructure, and reverse DNS enables them to function.
I'm sorry, just because some morons choose to leave themselves open to the r-command problem is not sufficient justification for no longer doing reverse DNS.
Not in and of itself, no, but our increased, multi-decade knowledge of the uses and abuses of reverse DNS does alter the original cost-benefit analysis'es inputs, to the point where reverse DNS now seems like more pain than gain, at least with respect to end-nodes, and/or at least with respect to IPv6, which is going to increase the "pain" without any corresponding anticipated increase in "gain". So maybe it's time to let go of the old baggage and start anew.
- Kevin
#---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
#---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
