Performance Issues - PTR Records

Mark Andrews marka at isc.org
Mon Nov 7 03:19:35 UTC 2011


In message <CAAAwwbX3-LNd8hRCYwdBGhCamBwjqT6u9Xygf08GmO+RRNJjuA at mail.gmail.com>
, Jimmy Hess writes:
> On Sun, Nov 6, 2011 at 7:10 PM, Mark Andrews <marka at isc.org> wrote:
> > MacOS and Windows can both populate the reverse zone for you as can
> > dhcp servers.
> > The practice of filling out the reverse zone with fake PTR record  [...]
> 
> OK.. let's say you're a DSL provider.   Are you going to have your
> DHCP server populating the forward and reverse DNS?   With what,  the
> account holder's  name?    somename.example.com ?

With what the machine told you to populate it with.  If the hostname
isn't specified in the request, use your default naming scheme.

> Wouldn't you say    blahblah192-168-0-2.city.state.dsl.example.com
> provides more useful information?

No.

> First of all, you know that the IP address is an end user,  an access
> network's end user's one IP address,
> an endpoint, rather than a subnet assigned to an actual multinode network.

Is it?  Even today with IPv4 you don't have to hand out single addresses
to customers.
 
> Second of all, you know it's an ISP, and you have city and state
> information of the network service.
> This is more useful than arbitrary user made up hostname.

In your opinion.  It may not be in the customer's opinion and they are
the ones leasing the address.
 
> The hostname is more meaningful on "real networks" such as SMB LANs,
> Enterprise intranets, web farms,  server networks, and other places
> where generic records should not be assigned, but the PTR should be
> the actual hostname.

News flash.  "real networks" already exist in homes.  The only reason
they aren't visible outside the home is that ISPs have been
ridiculously slow in making IPv6 available to the homes and with that
the potential for directly addressing machines.

> If the IP address is dynamic or autoconfigured for _those_ types of
> networks, then yes, automatic RDNS registration makes sense.   If it's
> static, not so much.
 
> Dynamic DNS registration is also complicated to make secure....   as
> in preventing hosts from updating other hosts'  records  or  mucking
> around the zone in other unwanted ways  requires complex key
> management and ACL configuration

No.  It's not really complicated to make secure.  It's quite possible
to prevent machines mucking up others' records.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
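
One way a server can keep hosts from touching each other's reverse records, as an added example that is not part of the original message or of any ISC code: accept a dynamic update only when it arrives over TCP and the owner name is exactly the reverse name of the client's own address (the idea behind BIND's `tcp-self` update-policy rule, which the thread does not name). The function names, the PTR-only policy and the sample requests are assumptions made for illustration.

```python
import ipaddress

# Record types a host may set on its own reverse name (assumed policy).
ALLOWED_TYPES = {"PTR"}


def reverse_name(addr: str) -> str:
    """Return the fully qualified in-addr.arpa / ip6.arpa name for an address."""
    return ipaddress.ip_address(addr).reverse_pointer.lower() + "."


def normalize(name: str) -> str:
    """Lower-case a DNS name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def authorize_update(source_ip: str, over_tcp: bool, owner: str, rrtype: str) -> bool:
    """Allow an update only for the PTR name derived from the client's own address.

    over_tcp matters because a UDP source address is easy to forge, while a
    completed TCP handshake shows the client can receive traffic at that address.
    """
    if not over_tcp:
        return False
    if rrtype.upper() not in ALLOWED_TYPES:
        return False
    try:
        expected = reverse_name(source_ip)
    except ValueError:
        return False  # unparsable source address: refuse
    return normalize(owner) == expected


# Constructed sample requests: (source address, arrived over TCP?, owner name, type)
SAMPLE_UPDATES = [
    ("192.0.2.10", True, "10.2.0.192.in-addr.arpa", "PTR"),   # host's own record
    ("192.0.2.10", True, "11.2.0.192.in-addr.arpa", "PTR"),   # a neighbour's record
    ("192.0.2.10", False, "10.2.0.192.in-addr.arpa", "PTR"),  # UDP, source unverified
    ("192.0.2.10", True, "10.2.0.192.in-addr.arpa", "NS"),    # type outside policy
    ("2001:db8::1", True, ipaddress.ip_address("2001:db8::1").reverse_pointer, "PTR"),
]


def evaluate(samples):
    """Return the allow/deny decision for each sample request."""
    return [authorize_update(*s) for s in samples]


if __name__ == "__main__":
    for sample, ok in zip(SAMPLE_UPDATES, evaluate(SAMPLE_UPDATES)):
        print("ALLOW" if ok else "DENY ", sample)
```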



