>I entirely agree ... the fact that reverse DNS works as a heuristic (and
>not an especially key heuristic) for IPv4 is not a reason for the
>considerable effort required to try and make it work as an equally
>flawed heuristic on IPv6.

There is a heuristic that says any host which is intended to act as a
server visible to hosts on the public Internet should have matching
forward and reverse DNS.  (It does not say the converse; the presence
of DNS doesn't mean a host is good, the absence means it's bad.)  This
seems to me to be perfectly relevant in IPv6.

A rather significant difference between v4 and v6 is that you can
create static generic rDNS for even a fairly large v4 allocation using
something like $GENERATE, and it's well within the abilities of normal
name servers to handle it.  For v6, you need a stunt server or other
kludge, with the kludges getting pretty intense if you want DNSSEC to
work.  So let's not bother.  Yes, we have ways for hosts to install
DNS entries for the addresses they're using, but they're not widely
adopted, and I have bad feelings about their security characteristics.
(Hostile or buggy botware does an address hopping DDoS on your DNS
infrastructure, for example.)


>Beside the cost of creating the data and fetching it, there's the cost
>of caching it when people change the IP for every email sending attempt

Although I think I was one of the first people to propose that, I still
think that anyone who sends mail that way deserves what they get.

R's,
John
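The heuristic described above (a server's address has a PTR record, and the name in that PTR resolves back to the same address, usually called forward-confirmed reverse DNS) as an added, runnable example; this is not code from the thread or from any DNSOP participant. The resolver is a constructed in-memory table so it runs offline; the addresses and hostnames are documentation-range values made up for the example, and `resolve` is an assumed callback that a real deployment would back with an actual DNS library.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for DNS: maps (owner name, type) -> list of rdata.
# Keys for the PTR owners are built with ipaddress.reverse_pointer so the
# in-addr.arpa / ip6.arpa names are correct for both address families.
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    # v4 host with matching forward and reverse records -> passes.
    (ipaddress.ip_address("192.0.2.25").reverse_pointer + ".", "PTR"): ["mail.example.net."],
    ("mail.example.net.", "A"): ["192.0.2.25"],
    ("mail.example.net.", "AAAA"): ["2001:db8::25"],
    # v6 address of the same host -> passes via the AAAA record.
    (ipaddress.ip_address("2001:db8::25").reverse_pointer + ".", "PTR"): ["mail.example.net."],
    # PTR that names a host whose forward record points elsewhere -> fails.
    (ipaddress.ip_address("192.0.2.77").reverse_pointer + ".", "PTR"): ["forged.example.com."],
    ("forged.example.com.", "A"): ["198.51.100.5"],
    # Two PTRs, only the second one confirms -> passes on the second name.
    (ipaddress.ip_address("2001:db8::42").reverse_pointer + ".", "PTR"): [
        "stale.example.net.",
        "relay.example.net.",
    ],
    ("stale.example.net.", "AAAA"): ["2001:db8::43"],
    ("relay.example.net.", "AAAA"): ["2001:db8::42"],
    # 192.0.2.99 deliberately has no PTR at all -> fails.
}


def fake_resolve(qname: str, qtype: str) -> List[str]:
    """Offline resolver: an empty list stands in for NXDOMAIN / NODATA."""
    return FAKE_ZONE.get((qname, qtype), [])


def fcrdns(ip: str, resolve: Callable[[str, str], List[str]] = fake_resolve) -> Tuple[bool, str]:
    """Return (passed, detail) for the forward-confirmed reverse DNS check.

    Passed means: the address has at least one PTR record, and at least one
    of the names it points to has an A/AAAA record equal to the address.
    Failure is only a signal that the heuristic failed, not proof the host
    is bad in itself; the thread's point is that absence is the red flag.
    """
    addr = ipaddress.ip_address(ip)
    forward_type = "A" if addr.version == 4 else "AAAA"
    ptr_owner = addr.reverse_pointer + "."   # e.g. 25.2.0.192.in-addr.arpa.

    names = resolve(ptr_owner, "PTR")
    if not names:
        return False, f"no PTR record at {ptr_owner}"

    for name in names:
        forward = resolve(name, forward_type)
        # Compare as address objects so "2001:db8::25" and its expanded
        # form are treated as equal rather than doing a string compare.
        if any(ipaddress.ip_address(rdata) == addr for rdata in forward):
            return True, name

    return False, f"PTR name(s) {names} do not resolve back to {addr}"


if __name__ == "__main__":
    for candidate in ("192.0.2.25", "2001:db8::25", "192.0.2.77", "2001:db8::42", "192.0.2.99"):
        ok, detail = fcrdns(candidate)
        print(f"{candidate:18} {'PASS' if ok else 'FAIL'}  {detail}")
```

Returning the confirming name (or the reason for failure) rather than a bare boolean is deliberate: a mail or SSH server that logs this detail makes it easy to tell an operator who simply never published rDNS apart from one whose PTR points at a name that does not confirm, which are different things to act on.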

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop