Anyone from AT&T here? (AT&T bogus DNSBL answers)

Joe Abley jabley at isc.org
Mon Apr 19 20:28:15 UTC 2004



On 19 Apr 2004, at 16:04, Valdis.Kletnieks at vt.edu wrote:

> DNS is intended for "give me the A record for the hostname FOO".

DNS is currently used for "give me the resource record set of type X 
for the query key Y".

> LDAP is a more proper tool for "Give me the list of hosts that user
> Q-Froob is allowed to post mail from on Tuesdays after 5PM".

DNS has the advantages that its scaling properties are fairly 
well-known, it distributes easily across servers and administrative 
boundaries, records can be cached, and the delegation points can 
provide some measure of confidence that the server you're obtaining 
data from has some authority to dispense it (confidence ranging from 
"a little bit, maybe" to "high" if zones and delegations are signed, 
and there's a secure entry point to the chain somewhere). There are 
also few devices in the world that speak IP and don't already include a 
resolver.

DNS has lots of disadvantages too, and is cumbersome and obtuse for 
distribution of many types of data.

The general rule that "if it's not for associating addresses with host 
names, LDAP is better" is flawed though, I think.


Joe
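The "RRset of type X for key Y" model above is exactly how a DNSBL is consulted, and the bogus answers in this thread's subject are what a client should check for before trusting a list. The following is an added illustration, not code from the thread; it assumes a hypothetical zone `dnsbl.example`, the test-entry convention that a DNSBL lists 127.0.0.2 and never lists 127.0.0.1, and substitutes constructed in-memory resolvers for real queries so it runs offline.

```python
import ipaddress
from typing import Callable, Dict, Optional, Sequence

# A resolver maps a query name to its A records; an empty list stands for NXDOMAIN/NODATA.
Resolver = Callable[[str], Sequence[str]]

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL key: IPv4 octets reversed, then the list zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on garbage input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"

def lookup(ip: str, zone: str, resolve: Resolver) -> Optional[Sequence[str]]:
    """Return the A RRset for the key, or None when the address is not listed."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return list(answers) if answers else None

def zone_answers_sane(zone: str, resolve: Resolver) -> bool:
    """Sanity-check a list before acting on it: the test entry 127.0.0.2 must be
    listed and 127.0.0.1 must not be. A zone that fails this (a wildcard that lists
    everything, or a dead/hijacked zone that lists nothing) is returning bogus answers."""
    return (lookup("127.0.0.2", zone, resolve) is not None
            and lookup("127.0.0.1", zone, resolve) is None)

def is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """Consult the list only after the sanity check passes; otherwise fail closed."""
    if not zone_answers_sane(zone, resolve):
        raise RuntimeError(f"{zone} returns bogus answers; refusing to use it")
    return lookup(ip, zone, resolve) is not None

# Constructed sample data (hypothetical zone, RFC 5737 documentation addresses).
_GOOD_ZONE: Dict[str, Sequence[str]] = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],      # test entry: listed
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],     # 192.0.2.10: listed
}

def good_resolver(name: str) -> Sequence[str]:
    """Well-behaved list: only the names above have data."""
    return _GOOD_ZONE.get(name, [])

def bogus_resolver(name: str) -> Sequence[str]:
    """Misbehaving list: every name gets an answer, so every address looks listed."""
    return ["127.0.0.2"]

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", "dnsbl.example"))
    print(is_listed("192.0.2.10", "dnsbl.example", good_resolver))
    print(zone_answers_sane("dnsbl.example", bogus_resolver))
```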



