Re: [DNSOP] new version of IPv6 rDNS for ISPs
On 2012-11-21 6:44 PM, Andrew Sullivan wrote:
> On Wed, Nov 21, 2012 at 06:07:23PM +, Paul Vixie wrote:
>> consumer grade and business grade internet connections. since consumer
>> grade connectees should really not be connecting to SMTP servers on
>> other networks
> I do not accept this premise, and I don't see any argument in favour
> of it. What evidence does "willing to pay more for the same lousy
> service" provide with respect to "is not sending outbound crap"?

that's not a dns question, and we seem to agree on the problem statement mechanics, so i'm not going to answer this here beyond saying "if you aren't willing to pay extra for a PTR RR on your end, then i don't want you talking to my SMTP servers". in other words this is a personal policy matter for me, and though i know a couple ten-million others feel the same way, i'm not going to try to enshrine it in IETF's work, in any way.

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] new version of IPv6 rDNS for ISPs
On Wed, Nov 21, 2012 at 06:07:23PM +, Paul Vixie wrote:
> consumer grade and business grade internet connections. since consumer
> grade connectees should really not be connecting to SMTP servers on
> other networks

I do not accept this premise, and I don't see any argument in favour of it. What evidence does "willing to pay more for the same lousy service" provide with respect to "is not sending outbound crap"?

> to give it up, the tail would be very long. i'm going to treat this as
> an unavoidable universal mistake that all of us will have to live with,
> forever, period.

There, we agree.

> network operators should provide PTR RR's for specific addresses which
> have real names.

Also here.

A

--
Andrew Sullivan
a...@anvilwalrusden.com
Re: [DNSOP] new version of IPv6 rDNS for ISPs
On 21 Nov 2012, at 18:07, Paul Vixie wrote:
> network operators should provide PTR RR's for specific addresses which
> have real names. the inability due to IPv6's richness of address space
> to provide auto-naming for PTR's does not to me, a problem statement make.

+1
Re: [DNSOP] new version of IPv6 rDNS for ISPs
On 2012-11-21 4:44 PM, Ted Lemon wrote:
> ... Aside from this quibble, I think the document is useful and should
> be published.

my quibble is different.

ipv6 is bringing some tough love to the consumer-facing edge. the fact that ISP's auto-populated the IPv4 PTR tree made it impossible for mail server operators to distinguish between consumer grade and business grade internet connections. since consumer grade connectees should really not be connecting to SMTP servers on other networks, there's been a great deal of work to find all of the common auto-populated PTR naming patterns in use anywhere in the world, in order to reject off-net e-mail from consumer grade connections. this work is inefficient, ineffective, painful even when correct, and often wrong.

there are some excellent reasons not to use PTR RR records for this purpose, starting with good security practices and continuing through good engineering practices. nevertheless this is a pre-existing property of the existing server plant, and even if server operators were willing to give it up, the tail would be very long. i'm going to treat this as an unavoidable universal mistake that all of us will have to live with, forever, period.

network operators should provide PTR RR's for specific addresses which have real names. the inability due to IPv6's richness of address space to provide auto-naming for PTR's does not to me, a problem statement make.

paul

--
"It seems like the rules for automagic completion of incomplete names typed into browsers are going to start to look like those for the game of fizbin." --rick jones
Re: [DNSOP] new version of IPv6 rDNS for ISPs
On Nov 21, 2012, at 10:01 AM, Lee Howard wrote:
> Since it's been
> a while, and the operator community is still asking for guidance, I've
> updated it, and would like a renewed review of it as an individual
> submission (unless this WG or v6ops wants it).

The document looks pretty good to me, except that the motivation section is likely to be controversial (as I'm sure you are aware). The reasons you state are not reasons that I personally find motivational; I want a working reverse tree because it's a way to publish information about an address, both for debugging purposes and for operational purposes (e.g., DANE).

I could make some suggestions about this section, but I think it might be better to just take it out. I would just ditch the text in the introduction starting with "Some of the most..." and the three bullet items that follow it.

Aside from this quibble, I think the document is useful and should be published.
[DNSOP] new version of IPv6 rDNS for ISPs
You may remember this draft from a couple of years ago. People keep asking me what a residential ISP should do for IPv6 PTR records, and I keep repeating what's in the draft. The intent is to document existing solutions, since prepopulating PTRs like we did in IPv4 doesn't work.

Last time I brought it to DNSOP, there was interest, but not necessarily as a working group document. Since it's been a while, and the operator community is still asking for guidance, I've updated it, and would like a renewed review of it as an individual submission (unless this WG or v6ops wants it).

Filename:        draft-howard-isp-ip6rdns
Revision:        05
Title:           Reverse DNS in IPv6 for Internet Service Providers
Creation date:   2012-11-20
WG ID:           Individual Submission
Number of pages: 13
URL:             http://www.ietf.org/internet-drafts/draft-howard-isp-ip6rdns-05.txt
Status:          http://datatracker.ietf.org/doc/draft-howard-isp-ip6rdns
Htmlized:        http://tools.ietf.org/html/draft-howard-isp-ip6rdns-05
Diff:            http://www.ietf.org/rfcdiff?url2=draft-howard-isp-ip6rdns-05

Abstract:
   In IPv4, Internet Service Providers (ISPs) commonly provide
   IN-ADDR.ARPA. information for their customers by prepopulating the
   zone with one PTR record for every available address. This practice
   does not scale in IPv6. This document analyzes different approaches
   for ISPs to manage the ip6.arpa zone for IPv6 address space assigned
   to many customers.

Thanks,
Lee
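The scaling problem the abstract describes, as an added Python example (not from the draft or from any poster in this thread): it builds the prepopulated PTR set for an IPv4 /24, then computes the ip6.arpa zone apex and the record count the same practice would need for a single IPv6 /64. The `dyn.example.net.` naming pattern, the documentation prefixes and the `MAX_RECORDS` ceiling are assumptions made for the illustration.

```python
import ipaddress

MAX_RECORDS = 1 << 16  # assumed ceiling on records we are willing to generate

def reverse_zone(prefix):
    """Reverse zone apex for a prefix on an octet (IPv4) or nibble (IPv6) boundary."""
    net = ipaddress.ip_network(prefix)
    step = 8 if net.version == 4 else 4          # bits per reverse-tree label
    if net.prefixlen % step:
        raise ValueError(f"{prefix} is not on a {step}-bit label boundary")
    labels = net.network_address.reverse_pointer.split(".")
    host_labels = (net.max_prefixlen - net.prefixlen) // step
    return ".".join(labels[host_labels:])        # drop the per-host labels

def ptr_count(prefix):
    """Number of PTR records needed to name every address in the prefix."""
    return ipaddress.ip_network(prefix).num_addresses

def prepopulate(prefix, suffix="dyn.example.net.", limit=MAX_RECORDS):
    """IPv4-style prepopulation: one (owner, PTR target) pair per address."""
    net = ipaddress.ip_network(prefix)
    if net.num_addresses > limit:
        raise ValueError(f"{prefix} needs {net.num_addresses} PTR records (limit {limit})")
    records = []
    for addr in net:
        # Constructed naming pattern: the address itself, dashes for separators.
        host = addr.exploded.replace(".", "-").replace(":", "-")
        records.append((addr.reverse_pointer + ".", f"{host}.{suffix}"))
    return records

if __name__ == "__main__":
    v4, v6 = "192.0.2.0/24", "2001:db8:1234:5678::/64"   # documentation prefixes
    print(reverse_zone(v4), ptr_count(v4))
    for owner, target in prepopulate(v4)[:3]:
        print(f"{owner} IN PTR {target}")
    print(reverse_zone(v6), ptr_count(v6))
    try:
        prepopulate(v6)
    except ValueError as exc:
        print("refused:", exc)
```
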
Re: [DNSOP] Declaring HTTPS mandatory in the DNS
Paul Wouters wrote:
>
> That will probably lead to people using the TLSA record as a pointer to
> "do not connect without TLS".

I wrote that requirement into my DANE for email drafts.

http://tools.ietf.org/html/draft-fanf-dane-smtp-04#section-3.2
http://tools.ietf.org/html/draft-fanf-dane-mua-00#section-3

Tony.
--
f.anthony.n.finch http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.