comcast ipv6 PTR - DNSSEC

bmanning at vacation.karoshi.com
Tue Oct 15 03:45:05 UTC 2013


On Mon, Oct 14, 2013 at 10:18:15PM -0500, Jimmy Hess wrote:
> On Mon, Oct 14, 2013 at 10:01 PM, Barry Shein <bzs at world.std.com> wrote:
> 
> 
> > >This would be a lot of work, so nobody does it.
> > >If someone asks for the rdns for:
> > >  2001:0db8:85a3:0042:1000:8a2e:0370:7334
> > >it's a lot of work for example.com to return something like:
> > >   2001-0db8-85a3-0042-1000-8a2e-0370-7334.example.com
> > >?
> >
> >
> No... it's not a lot of work; the problem is, it's maybe worth even
> less than the amount of work involved though.
> 
> What piece of information is being expressed there that would not be
> expressed by a NXDOMAIN response?
> 
> Assuming the user is residential, ".example.com" pertains to the ISP,
> not the hostname at that IP address. The ISP's info is accessible via
> services such as WHOIS-RWS.
> 
> 
> How about some wildcard PTR record?
> 
> *.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa     PTR     unnamedhost.example.com.
> 
> It's equally useless; and conveys equally limited information about the
> host.
> 
> However, at least it doesn't generate spurious records that are just
> (IP repeated).(domain)
> 
> -- 
> -JH


	Forward domains and Reverse domains are often managed by different 
	organizations - so if you were a paranoid validator, wanting to check 
	that the name was from the correct place, you'd want to do DNSSEC 
	validation on both the name and the address.

	Not going to weigh in on the value proposition.


/bill
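
The check described in the reply above, as an added example that is not part of the original message: it builds the `ip6.arpa` owner name, applies the thread's wildcard PTR, and requires DNSSEC-validated answers in both directions. The `make_lookup` resolver stub, the `ZONE` data and the verdict strings are constructed for illustration; a real validator would set the validated flag from its own DNSSEC validation.

```python
import ipaddress

def ptr_owner(addr):
    """Nibble-format ip6.arpa owner name (trailing dot) for an IPv6 address."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def wildcard_covers(wildcard, qname):
    """True if qname sits below a '*.' owner name. Simplified: ignores the
    RFC 4592 rule that an existing closer name blocks wildcard synthesis."""
    return wildcard.startswith("*.") and qname.endswith("." + wildcard[2:])

def make_lookup(zone):
    """Hypothetical resolver stub: lookup(qname, rrtype) -> (rdata, validated)."""
    def lookup(qname, rrtype):
        if (qname, rrtype) in zone:          # exact owner name wins
            return zone[(qname, rrtype)]
        for (owner, rtype), answer in zone.items():
            if rtype == rrtype and wildcard_covers(owner, qname):
                return answer                # synthesized from the wildcard
        return ([], False)
    return lookup

def paranoid_fcrdns(addr, lookup):
    """Require a validated PTR and a validated AAAA that maps back to addr."""
    ip = ipaddress.IPv6Address(addr)
    names, secure = lookup(ptr_owner(addr), "PTR")
    if not names:
        return "no-ptr"
    if not secure:
        return "reverse-unvalidated"
    verdict = "forward-mismatch"
    for name in names:
        addrs, fwd_secure = lookup(name, "AAAA")
        if ip in {ipaddress.IPv6Address(a) for a in addrs}:
            if fwd_secure:
                return "confirmed"
            verdict = "forward-unvalidated"
    return verdict

# Constructed sample data; the bool stands for "DNSSEC validation succeeded".
ZONE = {
    ("*.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa.", "PTR"): (["unnamedhost.example.com."], True),
    ("unnamedhost.example.com.", "AAAA"): ([], True),
    (ptr_owner("2001:db8:85a3::25"), "PTR"): (["mail.example.com."], True),
    ("mail.example.com.", "AAAA"): (["2001:db8:85a3::25"], True),
    (ptr_owner("2001:db8:85a3::53"), "PTR"): (["ns.example.net."], True),
    ("ns.example.net.", "AAAA"): (["2001:db8:85a3::53"], False),  # unsigned forward zone
}
LOOKUP = make_lookup(ZONE)
```

With this data the address quoted in the thread, covered only by the wildcard, returns `forward-mismatch`, because `unnamedhost.example.com.` has no AAAA record pointing back at it.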



