Hi Kevin,
First, my apologies. I somehow misplaced this email, and neither
responded to it at the time nor included it when going over all the
issues to address in the -03 draft, which was submitted this morning. I
was actually looking for something else in the mailing list archive
when I came across it. I am sorry to have overlooked it, and want to
be clear that this was entirely my mistake.
On Mon, Mar 26, 2007 at 09:16:09PM -0500, Kevin Darcy wrote:
> I agree wholeheartedly with this comment. In the corporate environment,
> where I'm coming from, the point is to make money, and anything which
> costs money, manpower, increases complexity of the environment, presents
> possible information-disclosure-type security risks, etc., needs to have
> a demonstrable long-term *economic* benefit, or it is viewed as an
> unnecessary expense/risk, fails the "business case" test and won't get
> implemented, regardless of what the Internet Standards or BCPs say. If
I understand this. I don't actually see why the expense might not be
a strong counter-consideration, if the expense were great; but there's
some text added in the -03 draft (to appear RSN) that I hope faces
this issue.
> I also question the scope of the term "in use" in the quoted draft text
> above. What does it mean, exactly, for an address to be "in use"?
> Pingable? ARPable? Sending and/or receiving packets? Specifically, by
> "in use" is it *assumed* that there is at least 1 A RR or AAAA RR
> referring to the address? What if there *isn't*? I.e. what if the
> device
Yes, I see the problem, and you're right. What if it said instead,
"Unless there are strong counter-considerations, such as a high
probability of forcing large numbers of queries to use TCP, IP
addresses referenced in a forward mapping should have a
reverse mapping."
Would that address your concern?
> To put it more simply, if I want to have a "stealth" device on my
> network, which doesn't have either forward or reverse records pointing
> to it, why can't I do that? The text appears to preclude "stealth"
> devices.
I don't believe it is intended to preclude them. If you don't want to
use the DNS, then you obviously shouldn't need to use it. I think the
idea is that if you _do_ use the DNS forward, then you should also
provide the reverse mapping.
Thanks for the comments. If you like the proposed alteration, I'll
include it in an -04 version. Again, to you and the rest of the
working group, my apologies for having missed this.
Best regards,
Andrew
--
Andrew Sullivan
Afilias Canada
<[EMAIL PROTECTED]>
jabber: [EMAIL PROTECTED]
204-4141 Yonge Street
Toronto, Ontario Canada M2P 2A8
+1 416 646 3304 x4110
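As an added illustration of the rule discussed above (an address that appears in a forward A/AAAA mapping should also have a reverse PTR mapping, while a "stealth" device with no forward record is simply out of scope), here is a small consistency check in Python. It is not part of the list message or of the draft; the zone contents, names and addresses are constructed for the example, and the forward/reverse dictionaries stand in for whatever zone dump or AXFR a real check would read.

```python
import ipaddress

# Constructed sample data (not from the draft or the mailing list):
# forward zone flattened to owner name -> set of A/AAAA addresses,
# reverse zones flattened to PTR owner name -> set of target names.
# "dev" has a forward record but no PTR; "mail" has a PTR that points
# at a different name; 192.0.2.200 is a "stealth" host in neither map.
FORWARD = {
    "www.example.net.":  {"192.0.2.10", "2001:db8::10"},
    "mail.example.net.": {"192.0.2.25"},
    "dev.example.net.":  {"192.0.2.99"},
}
REVERSE = {
    "10.2.0.192.in-addr.arpa.": {"www.example.net."},
    # 2001:db8::10 in nibble-reversed ip6.arpa form
    "0.1.0.0." + "0.0.0.0." * 5 + "8.b.d.0.1.0.0.2.ip6.arpa.": {"www.example.net."},
    "25.2.0.192.in-addr.arpa.": {"mx.example.net."},
}


def reverse_name(addr: str) -> str:
    """Build the PTR owner name for an IPv4 or IPv6 address.

    ipaddress.reverse_pointer yields in-addr.arpa for v4 and the
    nibble-reversed ip6.arpa form for v6; we append the root dot so
    it matches absolute names as they appear in zone files.
    """
    return ipaddress.ip_address(addr).reverse_pointer + "."


def check_reverse(forward, reverse):
    """Report forward addresses that lack a matching PTR.

    Returns a dict keyed by address. Each value is a tuple:
      ("missing", forward_owner, expected_ptr_owner)     - no PTR at all
      ("mismatch", forward_owner, sorted PTR targets)    - PTR points elsewhere
    Only addresses referenced from the forward zone are examined, so a
    host with no forward record (a "stealth" device) is never flagged.
    DNS names are case-insensitive, so everything is compared lowercased.
    """
    rev = {owner.lower(): {t.lower() for t in targets}
           for owner, targets in reverse.items()}
    findings = {}
    for owner, addrs in forward.items():
        owner = owner.lower()
        for addr in addrs:
            ptr_owner = reverse_name(addr)
            targets = rev.get(ptr_owner)
            if not targets:
                findings[addr] = ("missing", owner, ptr_owner)
            elif owner not in targets:
                findings[addr] = ("mismatch", owner, sorted(targets))
    return findings


def report(findings):
    """Render findings as one line per address, sorted for stable output."""
    lines = []
    for addr in sorted(findings, key=lambda a: ipaddress.ip_address(a).packed):
        kind, owner, detail = findings[addr]
        if kind == "missing":
            lines.append(f"{addr} ({owner}): no PTR at {detail}")
        else:
            lines.append(f"{addr} ({owner}): PTR points to {', '.join(detail)}")
    return lines


if __name__ == "__main__":
    for line in report(check_reverse(FORWARD, REVERSE)):
        print(line)
```

Run as a script it prints the two problem addresses; a multi-valued PTR set is treated as consistent as long as one target is the forward owner, since the draft text only asks that a reverse mapping exist, not that it be unique.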
_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop