comcast ipv6 PTR - DNSSEC
Barry Shein
bzs at world.std.com
Tue Oct 15 18:32:48 UTC 2013
On October 15, 2013 at 03:45 bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) wrote:
>
> Forward domains and Reverse domains are often managed by different
> organizations - so if you were a paranoid validator, wanting to check
> that the name was from the correct place, you'd want to do DNSSEC
> validation on both the name and the address.
>
> Not going to weigh in on the value proposition.
Unless, as is frequently the case, the only test is: NXDOMAIN? Reject,
Anything but NXDOMAIN? Accept.
--
-Barry Shein
The World | bzs at TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
More information about the NANOG
mailing list