vixie> if there were an RFC (let's be charitable and assume it would
vixie> have to be an FYI due to lack of consensus) that gave reasons why
vixie> PTR's would be needed and reasons why the absence might be better
vixie> (so, internet access vs. internet service), then that RFC might
vixie> give our last-mile industry buddies the air cover they need to be
vixie> first movers in dropping PTR's for both V6 and V4 "internet
vixie> access" addresses.

Hate to rain on your parade but this isn't going to happen. The problem
is not one example, like NYT. It's that we have 20+ years of sloppy
habits and people making golden calves of PTR records. As a last mile
provider, customer screams are way more expensive than just whipping out
garbage PTRs that mean nothing and are of no security/validation use but
mean I don't get calls.

I don't even know how many broken sites there are and I don't care to
waste valuable staff time tilting at this windmill. I just want to avoid
customer calls by suddenly deciding after decades that PTR records
deserve to be cleaned up.

My current expectation is somewhat like the following:

  - all routers/network interfaces will have PTRs so my traceroutes are
    of some use to my NOC
  - all service machines will have legit forward and reverse that match
    so that I can keep track of my own stuff and other folks will have
    less reason to ditch my email traffic
  - will probably get our DNS server folks to do lie on the fly v6 PTRs
    for any customer addrs, with sign on the fly so they do at least
    DNSSEC validate

Folks using PTRs for insane uses like as part of VPN validation, to get
web content or similar things that were useless in v4 will get the same
delusional warm fuzzies they get now.

Folks that find the current $GENERATE v4 stuff evil and untrustworthy
will find the v6 stuff no better.

Folks trying to limit spam will hopefully figure out something that doesn't
involve reputation by IPv6 addr, 'cause at 18 quadrillion per /64, that
won't scale...

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
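
Added example, not part of the original message or of any DNS server's code: a Python sketch of the "lie on the fly" v6 PTR idea from the list above, together with the matching forward answer, so a forward-confirmed reverse DNS check can be run against it. The customer prefix, zone name and label scheme are assumptions made up for illustration, and the on-the-fly DNSSEC signing is left out.

```python
import ipaddress

# Constructed values (assumptions, not from the message).
CUSTOMER_PREFIX = ipaddress.ip_network("2001:db8:100::/40")
FORWARD_ZONE = "dyn.example.net."
HEX = set("0123456789abcdef")


def synth_ptr(qname):
    """Answer a PTR query under ip6.arpa with a name derived from the address."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None  # only full 32-nibble reverse names get an answer
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    # Reverse names list nibbles least-significant first.
    addr = ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    if addr not in CUSTOMER_PREFIX:
        return None
    return "v6-%032x.%s" % (int(addr), FORWARD_ZONE)


def synth_aaaa(qname):
    """Answer the matching forward query by decoding the label back."""
    qname = qname.lower()
    suffix = "." + FORWARD_ZONE
    if not qname.endswith(suffix):
        return None
    label = qname[:-len(suffix)]
    if len(label) != 35 or not label.startswith("v6-"):
        return None
    if not all(c in HEX for c in label[3:]):
        return None
    addr = ipaddress.IPv6Address(int(label[3:], 16))
    return addr if addr in CUSTOMER_PREFIX else None


def fcrdns_ok(address):
    """Forward-confirmed reverse DNS: PTR name must resolve back to the address."""
    addr = ipaddress.IPv6Address(address)
    name = synth_ptr(addr.reverse_pointer + ".")
    return name is not None and synth_aaaa(name) == addr
```

Every address inside the prefix passes `fcrdns_ok`, because both answers are computed from the address itself; a match here shows only that the operator runs both zones, not who is using the address.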
