On Mon, Oct 18, 2004 at 04:50:43PM -0400, Daniel Senie <[EMAIL PROTECTED]> wrote a message of 29 lines which said:
> http://www.senie.com/dan/draft-ietf-dnsop-inaddr-required.txt
My opinion:
1) Too many sites wrongly use PTR checking without understanding it. The warnings in 4.2 and 5 are not enough. Mentions of use (like "anti-spam fight") in 3 MUST be accompanied by a stronger warning that this test is junk.
I think the text is strong enough on this. I've also addressed this in my response to Pekka. Even reverse+forward is a bad idea as a security measure.
It is one thing to say that PTR should be deployed more. And another to allow its current use which is, under the current state of deployment, a bad idea.
I think that's the point of the document. PTR records should be deployed everywhere. They're helpful when debugging networks. And they're helpful for users of those networks who interact with systems that do use PTR records badly.
2) Although the draft mentions the responsibilities of the RIR (delegating .ARPA) and of the LIR (subdelegating), it fails to mention that, presently, most ISPs in the world do not delegate .ARPA. In entire continents, like Africa, it is next to impossible to get an .ARPA delegation.
Look at ns1.nic.af, the stealth primary name server of the TLD ".af". Its address, 65.162.19.242, comes from the World Bank, which does not even have a delegation from the upstream, Sprint. So, World Bank cannot delegate it to the Afghan NIC. As a result, many sites stupidly reject email from this Afghani network.
IMO, this is the sort of abuse we should fight first. I suggest deleting the draft and, instead, writing one I-D named "PTR checking considered harmful".
I think that's beyond the scope of what's going to be worth doing right now.
. dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
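Added example, not part of either message in this thread: a small Python model of the two checks discussed above (PTR presence and reverse+forward), run over a constructed resolver table instead of live DNS. The 192.0.2.x addresses and example.* names are constructed sample data, the function names are hypothetical, and 65.162.19.242 is modelled as having no reverse answer, as the thread describes.

```python
import ipaddress

# Constructed resolver data, not live DNS answers.
# A missing key models a reverse zone that was never delegated.
PTR = {
    "10.2.0.192.in-addr.arpa": "mail.example.net.",
    # The PTR is set by whoever runs the reverse zone, so it can name anything.
    "20.2.0.192.in-addr.arpa": "trusted.example.com.",
}
A = {
    "mail.example.net.": {"192.0.2.10"},
    "trusted.example.com.": {"198.51.100.5"},
}


def reverse_name(ip):
    """Return the in-addr.arpa (or ip6.arpa) owner name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer


def ptr_status(ip):
    """Classify an address as 'no-ptr', 'mismatch' or 'confirmed'."""
    name = PTR.get(reverse_name(ip))
    if name is None:
        return "no-ptr"          # says nothing about the sender, only the ISP
    if ip in A.get(name, set()):
        return "confirmed"       # reverse and forward zones agree, nothing more
    return "mismatch"


def naive_policy(ip):
    """The criticised use: reject any client whose address has no PTR."""
    return "reject" if ptr_status(ip) == "no-ptr" else "accept"


def advisory_policy(ip):
    """Accept, and keep the PTR result only as a log annotation."""
    return ("accept", ptr_status(ip))


if __name__ == "__main__":
    for ip in ("65.162.19.242", "192.0.2.10", "192.0.2.20"):
        print(ip, reverse_name(ip), ptr_status(ip),
              naive_policy(ip), advisory_policy(ip))
```

The naive policy rejects the undelegated address while accepting the one whose PTR merely claims a name, which is the failure mode both posters describe.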
