On Tue, 26 Jun 2007, Mark Andrews wrote:

> 
>       Every address should have a PTR which gives the canonical name
>       of the host which in turn has a matching address record.

The above requirement has been previously demonstrated untenable for
both technical reasons (not every address _can_ have a PTR record to an
A record which has a matching IP Address) and for operational reasons
(even if it is possible, it is not always desirable to do that).

Such 'requirement' is the essence of the 'in-addr-required' claims that
have been rejected on this group for 7+ years.  I think the arguments of
the past 7+ years do not need to keep being repeated. Rather, I think
the authors and the proponents should have some evidence the WG has
changed its mind.

I have recently asked Ed Lewis, a reviewer of Sullivan's draft, to give
some assurances:

  Ed, having reviewed the document, can you assure us that it doesn't
  contain any language that might be understood as implying that reverse
  DNS records are somehow required?

  Can you assure us that it doesn't contain any language that might be
  understood as implying that using reverse DNS for security is anything
  but a 'crock'? (as Ted Lemon wrote)

  Can you assure us that Mr. Sullivan, despite his advocacy of making
  in-addr required, despite his advocacy of using reverse DNS for
  security, and despite his advocacy of irrational decision-making
  processes (cf discussion on DNSOP February & March '07), hasn't used
  this draft as a platform to obtain an IETF RFC credential to
  promote discredited practices and thereby mislead people about reverse
  DNS?

While Mr. Lewis did not reply, it seems now quite clear that no such
assurance can be given, and that Mr. Sullivan remains intent on putting
such language into the draft, despite 7+ years of rejections. This is
another reason to support draft-anderson-reverse-dns-status-00 instead.  
My draft doesn't have this nonsense.

                --Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   




_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop