Anyone from AT&T here? (AT&T bogus DNSBL answers)
Joe Abley
jabley at isc.org
Mon Apr 19 20:28:15 UTC 2004
On 19 Apr 2004, at 16:04, Valdis.Kletnieks at vt.edu wrote:
> DNS is intended for "give me the A record for the hostname FOO".
DNS is currently used for "give me the resource record set of type X
for the query key Y".
> LDAP is a more proper tool for "Give me the list of hosts that user
> Q-Froob is allowed to post mail from on Tuesdays after 5PM".
DNS has the advantages that its scaling properties are fairly
well-known, it distributes easily across servers and administrative
boundaries, records can be cached, and the delegation points can
provide some measure of confidence that the server you're obtaining
data from has some authority to dispense it (confidence ranging from
"a little bit, maybe" to "high" if zones and delegations are signed,
and there's a secure entry point to the chain somewhere). There are
also few devices in the world that speak IP and don't already include a
resolver.
DNS has lots of disadvantages too, and is cumbersome and obtuse for
distribution of many types of data.
The general rule that "if it's not for associating addresses with host
names, LDAP is better" is flawed though, I think.
Joe
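As an added example (not part of this post or the thread): how a DNSBL client encodes an IPv4 address as the "query key Y" Joe describes, reads the A RRset it gets back, and checks a list against the RFC 5782 test points before trusting its answers for mail policy. The zone name `bl.example`, the zone contents and the stub resolver are constructed so the code runs offline.

```python
import ipaddress

# Constructed stand-in for a DNSBL zone: query name -> A records a resolver
# would return. A real list answers over the DNS; this runs offline.
FAKE_ZONE = {
    "2.0.0.127.bl.example": ["127.0.0.2"],  # RFC 5782 mandatory test entry
    "4.3.2.1.bl.example": ["127.0.0.2"],    # a constructed listed address
}
# A list that answers "listed" for every query (wildcard or parked domain):
# this is the failure mode that makes a DNSBL's answers bogus.
WILDCARDED_ZONE = {"*": ["127.0.0.2"]}
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Encode an IPv4 address as a DNSBL query key: octets reversed, under zone."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def lookup(zone_data: dict, qname: str) -> list:
    """Stub resolver: return the A RRset for qname; [] stands in for NXDOMAIN."""
    if qname in zone_data:
        return zone_data[qname]
    return zone_data.get("*", [])


def is_listed(zone_data: dict, ip: str, zone: str) -> bool:
    """A listed address answers with an A record inside 127.0.0.0/8."""
    answers = lookup(zone_data, dnsbl_query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LOOPBACK for a in answers)


def zone_is_sane(zone_data: dict, zone: str) -> bool:
    """RFC 5782 sanity check: 127.0.0.2 must be listed, 127.0.0.1 must not be.

    A list that has gone dark (no answers at all) or answers for everything
    fails this check and should not drive mail acceptance decisions."""
    return (is_listed(zone_data, "127.0.0.2", zone)
            and not is_listed(zone_data, "127.0.0.1", zone))
```

Running the check on a schedule, and dropping a list that fails it, turns a silently bogus blocklist into an alert instead of a mass rejection of mail.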