In message <16VeoWCqs8UUFA$s...@highwayman.com>, Richard Clayton writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> In message <5453adcd.7090...@redbarn.org>, Paul Vixie <p...@redbarn.org>
> writes
> 
> >and yet, every proposal i've seen concerning IPv6 PTR screams silently,
> >"PTR is an old-internet concept which no longer applies." it's as if we
> >were trying to placate a bunch of apps that didn't understand classless
> >inter-domain routing (CIDR) with its variable length prefixes, and
> >rather than fix the apps, we're synthesizing acceptable metadata for
> >them, at great complexity cost, and zero information benefit.
> 
> I entirely agree ... the fact that reverse DNS works as a heuristic (and
> not an especially key heuristic) for IPv4 is not a reason for the
> considerable effort required to try and make it work as an equally
> flawed heuristic on IPv6.
> 
> Beside the cost of creating the data and fetching it, there's the cost
> of caching it when people change the IP for every email sending attempt

If you don't look it up it doesn't cost anything to cache.

Additionally a negative response is *bigger* and is more costly to
cache especially if it is a signed negative response.  If you are
worried about cache size you *want* PTR records to be returned.

> What recipients really wish to know when they receive a connection is
> how much address space is controlled by the connecting entity so that a
> consistent reputation can be applied to all connections from that space.
> 
> Whether they construct that reputation themselves or acquire it from a
> broker is not relevant -- they want to apply it to all addresses that a
> sender controls.
> 
> We approximate this in IPv4 by using /32s (since few people control more
> than a /24 -- so we get within a factor of 250 -- and there are not all
> that many /18s and above ... so we can manually inspect the traffic from
> each one on its merits, and yes there's a gap there).
> 
> We just can't use the same approximations for IPv6, but the reverse DNS
> system is one place where we could store attestations about delegation
> of address space ...
> 
> ... if we don't build such a system where this information can be stored
> for anyone to access for free then we're all going to end up paying
> another set of brokers for the data needed to provide the granularity
> measures our reputation systems must use
> 
> - -- 
> Dr Richard Clayton                         <richard.clay...@cl.cam.ac.uk>
>                                   tel: 01223 763570, mobile: 07887 794090
>                     Computer Laboratory, University of Cambridge, CB3 0FD
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
