On Nov 11, 2014, at 5:48 PM, Lee Howard <[email protected]> wrote:
> Many SSH servers (by default) reject connections from IP addresses without
> PTRs.
> This is stupid.
>
> I heard applause during the WG meeting in response to these statements;
> sounded like consensus to me. I said I would check that consensus on list.
>
> Thanks,
> Lee
Lee,
The usage case that got brought up at the mike, “PTR records are used by logging systems”, got me thinking: “when does a logging system need this information?” The answer, I think, is “when a human is looking at the log”; in all other cases, if the system is running at high speed, the delay in looking up addresses is just too long.
Thus I would say the usage case is “a log processing tool MAY do PTR lookups”; the real information about addresses can be extracted from other sources as well, like whois and geo-location databases, etc.
The other usage case that I can think of is network debugging.
Thus the real question in this case is “what granularity in name is needed, and when?”
Below is a short list of possible requirements based on the needs of these two “usage cases”:
We all love having the names displayed by traceroute for each hop ==> names of router interfaces are a SHOULD in my mind.
We all want big services to have PTR records; that is, web servers, mail servers, etc. Addresses that provide services SHOULD have a PTR record.
“End-user” addresses do not need a PTR record but could be simple wildcard responses like “Customer.HNL.biz-ISP.net”, as no one is complaining about
123.136.133.31.in-addr.arpa. 3600 IN PTR dhcp-887b.meeting.ietf.org.
or
9.5.9.d.7.4.e.f.f.f.9.e.f.c.a.2.6.3.1.0.0.7.3.0.c.7.6.0.1.0.0.2.ip6.arpa. 15 IN PTR s2001067c037001362acfe9fffe47d959.hotel-wireless.v6.meeting.ietf.org.
This message raised some questions:
On Nov 11, 2014, at 5:29 PM, George Michaelson <[email protected]> wrote:
> I'll take a dollar for every query in PTR we take at the IPv4 /8 and IPv6
> /12 level. That's somewhere around 170,000/sec.
>
> Luckily, you'll all stop before I have the entire western economy in my
> pocket, but that's ok. I'll take the cents.. I'll take the millicents...
>
> Seriously: the volume of query is not small. It may be pointless but by golly
> it's popular.
>
> What do people do with it? I have no idea. But as long as people want to
> query, the RIR are happy to anchor the domains.
>
That to me indicates that people use log post-processing all the time and that Intrusion Detection Systems are doing PTR lookups by policy.
For IDSs, are their expectations any different from those of log processors?
And if IDSs are making decisions based on the content of PTR records, what granularity do they need?
Olafur
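The two reverse-mapping records quoted above (the in-addr.arpa and ip6.arpa owner names, and the synthesized "s&lt;32 hex digits&gt;" target that embeds the whole IPv6 address) and the "a log processing tool MAY do PTR lookups" usage case, worked through as an added Python example that is not part of the thread. It builds the PTR owner name for an address, parses one back, synthesizes a wildcard-style target in the hotel-wireless layout, and annotates constructed log lines from a local PTR table that stands in for a resolver; the table contents, the log lines and the `[no PTR]` marker are assumptions made for the example.

```python
"""Reverse-DNS helpers for the PTR discussion: owner names, synthesized
targets, and an offline log post-processor.

Added example, not from the DNSOP thread. PTR_TABLE and the log lines are
constructed for the example; the synthesized-name layout ('s' + 32 hex
digits + suffix) follows the ip6.arpa record quoted in the thread.
"""
import ipaddress
import re


def reverse_name(addr: str) -> str:
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # Dotted octets, least-significant first, under in-addr.arpa.
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    # IPv6: one label per hex nibble, least-significant nibble first.
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def address_from_reverse_name(name: str):
    """Inverse of reverse_name(); returns an ipaddress object."""
    name = name.rstrip(".")
    if name.endswith(".in-addr.arpa"):
        octets = name[: -len(".in-addr.arpa")].split(".")
        if len(octets) != 4:
            raise ValueError("not a full /32 owner name")
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError("not a full /128 owner name")
        hexstr = "".join(reversed(nibbles))
        groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
        return ipaddress.IPv6Address(":".join(groups))
    raise ValueError("not a reverse-mapping name")


def synthesized_v6_name(addr: str, suffix: str) -> str:
    """Wildcard-style PTR target that embeds the full address as hex,
    in the layout of the hotel-wireless record quoted in the thread."""
    ip = ipaddress.IPv6Address(addr)
    return "s" + ip.exploded.replace(":", "") + "." + suffix


# Constructed PTR table keyed by owner name; stands in for a resolver so
# the post-processor below runs offline.
PTR_TABLE = {
    reverse_name("31.133.136.123"): "dhcp-887b.meeting.ietf.org.",
    reverse_name("2001:67c:370:136:2acf:e9ff:fe47:d959"):
        "s2001067c037001362acfe9fffe47d959.hotel-wireless.v6.meeting.ietf.org.",
}

# Loose address matcher; candidates are validated with ipaddress below,
# so a timestamp fragment such as "48:00" is matched but then skipped.
ADDR_RE = re.compile(
    r"\b(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F:]*:[0-9a-fA-F:]+)\b")


def annotate(line: str, table: dict = PTR_TABLE) -> str:
    """Append the PTR name (or '[no PTR]') after every address in a log
    line. This is the 'MAY do PTR lookups' post-processing step for a
    human reader; the lookup here is a dictionary, not a live query."""
    def repl(m: re.Match) -> str:
        token = m.group(0)
        try:
            owner = reverse_name(token)
        except ValueError:
            return token  # not an address (e.g. part of a timestamp)
        return f"{token} [{table.get(owner, 'no PTR')}]"
    return ADDR_RE.sub(repl, line)


# Constructed sample log lines (assumed format, not from the thread).
SAMPLE_LOG = [
    "2014-11-11T17:48:00 sshd accept from 31.133.136.123 port 51234",
    "2014-11-11T17:48:05 sshd accept from 2001:67c:370:136:2acf:e9ff:fe47:d959 port 51235",
    "2014-11-11T17:48:09 sshd accept from 198.51.100.7 port 51236",
]


def annotate_all(lines=SAMPLE_LOG) -> list:
    return [annotate(l) for l in lines]


if __name__ == "__main__":
    for out in annotate_all():
        print(out)
```

The owner-name and synthesized-target functions reproduce the two records quoted in the message exactly, which is a quick way to check that the nibble order and the hex layout are right before relying on either in a log tool or an IDS rule.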
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop