[SHAME] Spam Rats

Mark Andrews marka at isc.org
Thu Jan 10 05:49:10 UTC 2013


In message <20130110053429.55493.qmail at joyce.lan>, "John Levine" writes:
> >No point.  address -> name -> address doesn't work with wildcards.
> > 
> >> (Still an IPv6 implementation virgin, just curious :) )
> 
> If you want to do generic IPv6 rDNS for all your hosts, you're
> stuck with a variety of less than great possibilities.
> 
> One is a stunt rDNS server that synthesizes the records on demand.
> (Bonus points for doing DNSSEC, too. Double bonus points for doing
> NSEC3.)

NSEC3 is a waste of time in ip6.arpa or any similarly structured
zone so -1000000 for doing NEC3 and effectively doing a DoS attack
against yourself and the client resolvers.

> Another is instrumenting the routers so that when they notice
> a new host on their network, they somehow send an update to the DNS
> servers to install rDNS for that host.
> 
> If I had to guess, I would say that we'll eventually agree than on
> IPv6 networks, mail servers and other hosts who have reputations that
> matter will have fixed addresses assigned statically or via DHCP and
> rDNS, random client hosts won't.  Teeth will gnash at how this makes
> some hosts second class and it violates the end to end principle, but
> tough noogies.
> 
> R's,
> John
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org




More information about the NANOG mailing list