"security" is a broad term. if you mean "use it for authorization" or "use
it for authentication" then no, the contents of a PTR RR are not useful for
security, or even relevant to security. if however you want to know what
the network's owner thinks a host is called, and you're going to use this to
prevent or detect or follow up on certain kinds of errors, or if you want to
be able to find some kind of hostname hint even if the host is offline or
refusing to give out such hints, and if you think that any of those things
are related to "security", then a PTR RR has security uses.
I agree.
Also...
There are many non-security purposes that go under the category of "operations". For example, the first step to fixing a routing issue is usually doing a traceroute between the affected networks. Seeing the names of the intervening routers is a big part of the "detective work" that is done before one can determine the fix. There are many non-security examples.
Add this to Vixie's list of examples: It's very nice to be able to look up an IP address of a machine that I can't actually access due to a firewall. Having reverse lookups handled by a machine other than the actual machine itself is very powerful.
I do think that IPv6 will mean the end of flat-files for DNS databases, but that just seems to be how things progress in life. All systems grow in complexity until they require an SQL back-end. :-)
--tal
