fixing insecure email infrastructure (was: Re: [eweek article]
Mark Andrews
Mark_Andrews at isc.org
Fri Jan 14 12:05:57 UTC 2005
> That's bad since DNAME is deprecated and has been removed from BIND.
>
> Owen
Really? That's news to me.
RFC 2672, Non-Terminal DNS Name Redirection, is still
a proposed standard <http://www.ietf.org/iesg/1rfc_index.txt>.
If you are thinking about RFC 3363, Representing Internet
Protocol version 6 (IPv6) Addresses in the Domain Name
System (DNS), it does NOT deprecate DNAME. There is no
UPDATES RFC 2672 at the top. I was well aware that it
didn't deprecate DNAME when it passed through the WG. I
would have complained long and loudly if it did.
Mind you, in hindsight, I should have strongly argued
that section 4 of RFC 3363 just be deleted. All it has
done is generate confusion about the status of DNAME and,
to top that, the opening sentence contains assertions which
don't hold water once you think about them a little bit.
DNAME is just as useful with nibbles in the reverse tree as
it was with bitlabels.
Take RFC 2874, DNS Extensions to Support IPv6 Address Aggregation
and Renumbering, and redo the examples with nibbles. Everything
just works.
To renumber the reverse you need to get the appropriate
DNAME records updated. You don't need to re-establish several
levels of delegation under IP6.INT. Yes, I expect the RIRs to
add DNAMEs, not NS records, at some point in the future for IP6.INT.
For the forward part all the end systems just register their
new addresses in the DNS using UPDATE.
Mark.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
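
The renumbering point in the message above, worked through with nibble labels as an added example (not part of the original post): a DNAME at the prefix's reverse-tree owner name redirects every host lookup into one site-held zone, so moving to a new prefix means changing a single DNAME. The site zone `rev.site.example.`, the documentation prefixes and the host addresses are constructed assumptions.

```python
import ipaddress

def nibble_labels(hex_digits):
    # One label per hex digit, least significant first (nibble format).
    return ".".join(reversed(hex_digits))

def reverse_name(addr, root="ip6.int."):
    """Owner name of the PTR lookup for an IPv6 address."""
    digits = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return nibble_labels(digits) + "." + root

def prefix_owner(prefix, root="ip6.int."):
    """Owner name in the reverse tree for a nibble-aligned prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix must end on a nibble boundary")
    digits = net.network_address.exploded.replace(":", "")
    return nibble_labels(digits[: net.prefixlen // 4]) + "." + root

def apply_dname(qname, dnames):
    """RFC 2672 substitution: replace the DNAME owner suffix with its target.
    Only names strictly below the owner are redirected, not the owner itself."""
    q = qname.lower().rstrip(".").split(".")
    for owner, target in dnames.items():
        o = owner.lower().rstrip(".").split(".")
        if len(q) > len(o) and q[-len(o):] == o:
            return ".".join(q[: -len(o)]) + "." + target
    return qname

# Constructed sample data: documentation prefixes and a hypothetical site zone.
SITE_ZONE = "rev.site.example."
OLD_PREFIX, NEW_PREFIX = "2001:db8:1234::/48", "2001:db8:abcd::/48"
HOST_OLD, HOST_NEW = "2001:db8:1234:1::42", "2001:db8:abcd:1::42"

def renumber_demo():
    # Before renumbering: one DNAME at the old prefix. After: one at the new.
    before = {prefix_owner(OLD_PREFIX): SITE_ZONE}
    after = {prefix_owner(NEW_PREFIX): SITE_ZONE}
    return (apply_dname(reverse_name(HOST_OLD), before),
            apply_dname(reverse_name(HOST_NEW), after))

if __name__ == "__main__":
    old_ptr, new_ptr = renumber_demo()
    print(old_ptr)  # PTR owner name reached through the old prefix
    print(new_ptr)  # same owner name reached through the new prefix
```

Both lookups land on the same owner name inside the site zone, so the PTR records there do not change when the prefix does.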