Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-11 Thread Paul Vixie
> Ted Lemon > Tuesday, November 11, 2014 7:36 PM > > I think that a lot of the queries are useful in theory, e.g., queries > that present human readable names for legitimate hosts. I think a lot > are completely useless. I personally think that making it possible to

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-11 Thread Ted Lemon
On Nov 11, 2014, at 5:29 PM, George Michaelson wrote: > What do people do with it? I have no idea. But as long as people want to > query, the RIR are happy to anchor the domains. I think that a lot of the queries are useful in theory, e.g., queries that present human readable names for legitima

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-11 Thread George Michaelson
I'll take a dollar for every query in PTR we take at the IPv4 /8 and IPv6 /12 level. That's somewhere around 170,000/sec. Luckily, you'll all stop before I have the entire western economy in my pocket, but that's ok. I'll take the cents.. I'll take the millicents... Seriously: the volume of query

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Ted Lemon
On Nov 10, 2014, at 11:10 AM, Paul Ebersman wrote: > If I wait until I have screaming customers, I have months and months of > hell before I have any solution. So deploy the solutions the IETF is already working on. You are proposing we do something bad to solve a problem that demonstrably doe

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Paul Ebersman
ebersman> IPv6 is still in early adoption for broad general use and we ebersman> don't know what plans folks have for requiring PTRs. TLemon> I apologize for picking and choosing from your response, but I TLemon> think this sums it up perfectly: if we do not yet know what TLemon> plans they have,

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Ted Lemon
On Nov 10, 2014, at 8:32 AM, Paul Ebersman wrote: > IPv6 is still in early adoption for broad general use and we don't know > what plans folks have for requiring PTRs. I apologize for picking and choosing from your response, but I think this sums it up perfectly: if we do not yet know what plans

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Paul Ebersman
sthaug> To me this is really simple: If many/most ISPs continue *not* sthaug> adding useless/artificial/synthesized PTRs, the content / server sthaug> people will have no choice - if they want their content to get sthaug> out and their services to be used by the large majority of IPv6 sthaug> user

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread sthaug
> TLemon> The status quo is that the ISP doesn't add a PTR record for a > TLemon> customer IPv6 address, nor delegate the zone. Lots of IPv6 > TLemon> users are getting by just fine right this very moment (including > TLemon> me) without this. So I think it's safe to say that we do not > TLemon>

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Paul Ebersman
ebersman> My concern is random folks who currently accept any v4 PTR ebersman> regardless of format (but caring if there is no PTR at all) ebersman> will do something equally bad in v6. i.e. NYT web content and ebersman> similar pointless cruft. Putting in an auto-gen'ed v6 PTR ebersman> would sat

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Ted Lemon
On Nov 9, 2014, at 11:57 PM, Paul Ebersman wrote: Sorry, I replied to a message prior to your reply to me, and so I sort of answered these points, but just to clarify: > - service providers who want a way to avoid breaking things for >customers while not being operationally complicated/ins

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Ted Lemon
On Nov 9, 2014, at 11:31 PM, Paul Ebersman wrote: > My concern is random folks who currently accept any v4 PTR regardless of > format (but caring if there is no PTR at all) will do something equally > bad in v6. i.e. NYT web content and similar pointless cruft. Putting in > an auto-gen'ed v6 PTR w

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Paul Ebersman
ebersman> It's a nice thought. But considering how little we've ebersman> converged on SLAAC vs DHCPv6, random assignment vs eui-64 vs ebersman> static for host ID, RFC 6106 vs DHCPv6 DNS, etc. (and I won't ebersman> even start on how many IPv6 transition techs there are), any ebersman> consensus

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread Paul Ebersman
sthaug> If you assume that IPv6 mail servers have static PTRs, there is sthaug> zero added value (and a bit of work) in creating/synthesizing sthaug> IPv6 PTRs for residential customers. Much better to simply not sthaug> do it in the first place. I'm in agreement that "legitimate", well run mail

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread sthaug
> vixie> Indeed not. We currently have to maintain a large and complex > vixie> distributed registry of ipv4 ptr patterns which are meaningless > vixie> and must therefore be filtered out before making policy decisions > vixie> about the presence/absence and match/doesn't of a ptr record and > vixi

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-10 Thread John Levine
>And if I used a generation method for v6 that exactly matched v4, I'd >just get caught in exactly the same filters, right? No. There are a zillion formats for generic v4 rDNS names. Most of them embed some version of four octets of the IP address, so for v6 it would of necessity be different.

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Ted Lemon
On Nov 9, 2014, at 3:28 PM, Paul Ebersman wrote: > It's a nice thought. But considering how little we've converged on SLAAC > vs DHCPv6, random assignment vs eui-64 vs static for host ID, RFC 6106 > vs DHCPv6 DNS, etc. (and I won't even start on how many IPv6 transition > techs there are), any con

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Mark Andrews
In message <6c6d2bc0-4099-4f9c-ade4-f9dd021da...@fl1ger.de>, Ralf Weber writes: > Moin! > > Read this draft on the way to the IETF and while I saw there was a lot of > discussion around it I didn't read all of it, so forgive me if stuff has been said > before. > > First I think it is good to hav

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Paul Ebersman
vixie> Indeed not. We currently have to maintain a large and complex vixie> distributed registry of ipv4 ptr patterns which are meaningless vixie> and must therefore be filtered out before making policy decisions vixie> about the presence/absence and match/doesn't of a ptr record and vixie> it's a

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread P Vixie
On November 9, 2014 2:08:28 PM PST, Ted Lemon wrote: >On Nov 9, 2014, at 12:01 PM, Paul Ebersman >wrote: >> Most ISPs and most email/spam folks find the current v4 pointer usage >to >> be functional. > >This assertion with respect to spam at least does not seem to match >what's actually been sa

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Ralf Weber
Moin! Read this draft on the way to the IETF and while I saw there was a lot of discussion around it I didn't read all of it, so forgive me if stuff has been said before. First I think it is good to have a draft that captures what you can do and what the challenges for IPv6 reverse are. However

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Ted Lemon
On Nov 9, 2014, at 12:01 PM, Paul Ebersman wrote: > Most ISPs and most email/spam folks find the current v4 pointer usage to > be functional. This assertion with respect to spam at least does not seem to match what's actually been said on the list by people who are in a position to know.

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Paul Ebersman
To step back up a level again. Most ISPs and most email/spam folks find the current v4 pointer usage to be functional. I'm not saying that we all think it's not somewhat broken, couldn't be better, etc. However, it solves the problems it's supposed to solve in a functional way and doesn't generat

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread sthaug
> > Putting my ISP hat on, I'd have to agree with the security/stability > > reasons (and several others I can think of). As of today, I have zero > > incentive to let my residential customers create their own PTR records. > > Putting my customer hat on: I want PTR for my machines (many hosters >

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Stephane Bortzmeyer
On Thu, Nov 06, 2014 at 08:26:17AM +0100, sth...@nethelp.no wrote a message of 24 lines which said: > Putting my ISP hat on, I'd have to agree with the security/stability > reasons (and several others I can think of). As of today, I have zero > incentive to let my residential customers create

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-07 Thread Suzanne Woolf
Joel, Thanks for this clarification on the process, I was on a plane :-) On Nov 6, 2014, at 12:23 PM, joel jaeggli wrote: > On 11/5/14 12:50 PM, Paul Vixie wrote: >> >> the lack of consensus means it can't be a proposed standard, not that it >> can't be an FYI, BCP or similar, right? > > BCP

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-07 Thread Tony Finch
John Levine wrote: > >Do we know whether typical PTR checks look for existence or matching? > > The ones I know all look for matching. My understanding is that mail servers will often just do existence checks because the matching check causes too much trouble for legitimate mail. (My servers don

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Mark Andrews
In message <20141106152435.7ad4caa0...@fafnir.remote.dragon.net>, Paul Ebersman writes: > > marka> For in-addr.arpa you already have a PTR records. Allowing the > marka> end user to set its content does not increase the amount of data > marka> you are serving. It does increase the amount of ch

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Paul Ebersman
phoffman> Do we know whether typical PTR checks look for existence or phoffman> matching? johnl> The ones I know all look for matching. For MX/spam and for VPNs, seems to want matching. For more "fringe" uses like NYT web, seems to just want a non-NXDOMAIN response. I'd be nervous about wildc

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Andrew Sullivan
On Thu, Nov 06, 2014 at 09:41:57AM -0800, Paul Hoffman wrote: > Do we know whether typical PTR checks look for existence or matching? It depends. (We covered this to some extent in that failed reverse-tree draft.) A -- Andrew Sullivan a...@anvilwalrusden.com

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Paul Vixie
> Evan Hunt > Thursday, November 06, 2014 9:46 AM > > I see. Too bad. Is it any more feasible to adjust expectations for v6 in > this respect than it was when we were talking about not providing PTR for > v6 in the first place? sadly, ipv6 isn't deployed enough that a v6-on

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread John Levine
>> Most PTR checks look up the name to be sure there's a matching forward >> ( in this case) record, and ignore them if there isn't. > >I see. Too bad. Is it any more feasible to adjust expectations for v6 in >this respect than it was when we were talking about not providing PTR for >v6 in th

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Evan Hunt
On Thu, Nov 06, 2014 at 09:41:57AM -0800, Paul Hoffman wrote: > I think Evan was proposing that home-ipv6-customer.isp.net would also exist, > so a PTR check that looked for *existence* would succeed, but one that looked > for *matching* would fail for most of those addresses. > > Do we know whe

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Paul Vixie
> Paul Hoffman > Thursday, November 06, 2014 9:41 AM > > ... > > Do we know whether typical PTR checks look for existence or matching? in postfix, it's matching. -- Paul Vixie ___ DNSOP mailing list DNSOP@ietf.org https

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread John Levine
>I think Evan was proposing that home-ipv6-customer.isp.net would also exist, >so a PTR check that looked for >*existence* would succeed, but one that looked for *matching* would fail for >most of those addresses. > >Do we know whether typical PTR checks look for existence or matching? The ones

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Evan Hunt
On Thu, Nov 06, 2014 at 05:33:10PM -, John Levine wrote: > This turns out to be a Well Known Bad Idea (WKBI). > > Most PTR checks look up the name to be sure there's a matching forward > ( in this case) record, and ignore them if there isn't. I see. Too bad. Is it any more feasible to a

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Paul Hoffman
On Nov 6, 2014, at 9:33 AM, John Levine wrote:
>
>> stupid thing I've been wondering: Is there a reason not to use wildcard
>> PTRs?
>>
>> $ORIGIN 6.7.6.2.7.6.7.0.1.0.0.2.ip6.arpa.
>> * 604800 IN PTR home-ipv6-customer.isp.net.
>
> This turns out to be a Well Known

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread John Levine
>stupid thing I've been wondering: Is there a reason not to use wildcard
>PTRs?
>
>$ORIGIN 6.7.6.2.7.6.7.0.1.0.0.2.ip6.arpa.
>* 604800 IN PTR home-ipv6-customer.isp.net.

This turns out to be a Well Known Bad Idea (WKBI). Most PTR checks look up the name to be sure

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread joel jaeggli
On 11/5/14 12:50 PM, Paul Vixie wrote: > > >> Andrew Sullivan >> Wednesday, November 05, 2014 10:50 AM >> On Wed, Nov 05, 2014 at 10:19:59AM -0800, 神明達哉 wrote: >>> https://tools.ietf.org/html/draft-ietf-dnsop-reverse-mapping-considerations-06 >> ... >> ... I belie

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Evan Hunt
On Thu, Nov 06, 2014 at 08:24:35AM -0700, Paul Ebersman wrote: > marka> Which won't work in IPv6 unless you synthesize the records on > marka> demand. > > And that's the plan, at least for $DAYJOB. And sign on the fly for those > of us signing our zones. I'm going to take the risk of embarrassing

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Paul Ebersman
marka> For in-addr.arpa you already have a PTR records. Allowing the marka> end user to set its content does not increase the amount of data marka> you are serving. It does increase the amount of churn in the marka> zone. This draft isn't talking about v4. And $GENERATE or equiv already works i

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Masataka Ohta
sth...@nethelp.no wrote: > For our residential customers, we provide IPv4 PTRs which indicate > that this is a dynamic address. We *don't* plan to provide IPv6 PTRs > for those same customers. That's fine. But, what we need is opinions of ISPs which are allowing customers supply PTRs for IPv4, d

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread sthaug
> > Putting my ISP hat on, I'd have to agree with the security/stability > > reasons (and several others I can think of). As of today, I have zero > > incentive to let my residential customers create their own PTR records. > > Better tools and systems may change this, but it would in any case be >

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Masataka Ohta
Mark Andrews wrote: > For in-addr.arpa you already have a PTR records. Allowing the end > user to set its content does not increase the amount of data you > are serving. It does increase the amount of churn in the zone. A > matching TCP source address is a good enough authenticator to permit >

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-06 Thread Masataka Ohta
Andrew Sullivan wrote: > Especially in the absence of strong anti-spoofing mechanisms, like > the DNS Security Extensions, a check for matching reverse DNS mapping > should be regarded as an extremely weak form of authentication. Considering that DNS Security Extension provides weak s

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread sthaug
> > marka> Or we could stop debating whether we should maintain it and > > marka> assume that if we give people tools that will allow it to be > > marka> automatically maintained they will eventually deploy them. > > > > For providers with millions or tens of millions of end customers, any > > sys

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Mark Andrews
In message <20141105222034.5fe40a92...@fafnir.remote.dragon.net>, Paul Ebersman writes: > > marka> Or we could stop debating whether we should maintain it and > marka> assume that if we give people tools that will allow it to be > marka> automatically maintained they will eventually deploy them.

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Mark Andrews
In message <20141105215548.27d51a91...@fafnir.remote.dragon.net>, Paul Ebersman writes: > > marka> Or we could stop debating whether we should maintain it and > marka> assume that if we give people tools that will allow it to be > marka> automatically maintained they will eventually deploy them.

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Mark Andrews
In message <20141105231214.gk31...@mx1.yitter.info>, Andrew Sullivan writes: > On Thu, Nov 06, 2014 at 08:00:20AM +1100, Mark Andrews wrote: > > > > Or we could stop debating whether we should maintain it and assume > > that if we give people tools that will allow it to be automatically > > maint

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Andrew Sullivan
On Thu, Nov 06, 2014 at 08:00:20AM +1100, Mark Andrews wrote: > > Or we could stop debating whether we should maintain it and assume > that if we give people tools that will allow it to be automatically > maintained they will eventually deploy them. Yeah, that's worked so far! No reason it shoul

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Paul Ebersman
marka> Or we could stop debating whether we should maintain it and marka> assume that if we give people tools that will allow it to be marka> automatically maintained they will eventually deploy them. [...] marka> Document what a node should do to register itself in the reverse marka> tree and to

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Paul Ebersman
marka> Or we could stop debating whether we should maintain it and marka> assume that if we give people tools that will allow it to be marka> automatically maintained they will eventually deploy them. For providers with millions or tens of millions of end customers, any system that just lets any

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread John Levine
>Re-reading it today, it seems to me the text was altogether milquetoast. I agree. The points that Vixie notes are entirely true, and it's hard to imagine a good reason not to document them for the benefit of people who want to, you know, interoperate. R's, John

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Ted Lemon
On Nov 5, 2014, at 3:59 PM, Andrew Sullivan wrote: > AFAIK we were planning only for informational. The chairs called > WGLC, it ran, there was some ranting, then some months later one of > the chairs told me that they weren't sure what to do. To publish > something as a WG document, you still n

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Mark Andrews
Or we could stop debating whether we should maintain it and assume that if we give people tools that will allow it to be automatically maintained they will eventually deploy them. A lot of the issue is that the tools aren't out there yet. Document what a node should do to register itself in the

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Andrew Sullivan
On Wed, Nov 05, 2014 at 12:50:42PM -0800, Paul Vixie wrote: > the lack of consensus means it can't be a proposed standard, not that it > can't be an FYI, BCP or similar, right? AFAIK we were planning only for informational. The chairs called WGLC, it ran, there was some ranting, then some months

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Paul Vixie
> Andrew Sullivan > Wednesday, November 05, 2014 10:50 AM > On Wed, Nov 05, 2014 at 10:19:59AM -0800, 神明達哉 wrote: >> https://tools.ietf.org/html/draft-ietf-dnsop-reverse-mapping-considerations-06 > ... > ... I believed I had watered down the draft so thoroughly th

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread Andrew Sullivan
On Wed, Nov 05, 2014 at 10:19:59AM -0800, 神明達哉 wrote: > > I guess > https://tools.ietf.org/html/draft-ietf-dnsop-reverse-mapping-considerations-06 > personally think if we can agree on the content this time, such a > document will be very useful, but we should carefully learn from the > previous

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-05 Thread 神明達哉
At Sat, 01 Nov 2014 16:31:07 -0700, Paul Vixie wrote: > if there were an RFC (let's be charitable and assume it would have to be > an FYI due to lack of consensus) that gave reasons why PTR's would be > needed and reasons why the absence might be better (so, internet access > vs. internet service

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-03 Thread George Michaelson
I think that's pretty well completely fair Terry. I think you capture the qualities well. But if you put DNSSEC back in the equation, add sufficient value to the assertive-trust side of what would be said inside it, and the follows-the-delegation-chain aspect, I think it has potential to have more

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-03 Thread Terry Manderson
Hi George, and all. I've just caught up on this thread, and it strikes me that there is (it seems) an operational gap with the omission of the problem statement. On 3/11/2014 2:36 pm, "George Michaelson" wrote: [snip] > >We don't have any failure to delegate the parent blocks facing down: Its

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-02 Thread George Michaelson
Knowing it's not the root issue, I would like to remind people the RIR system for rDNS delegation is almost entirely automatic from our various portals, and WHOIS based nserver mechanisms. It's not hard to do the top part. We're not roadblocking. We don't have any failure to delegate the parent bloc

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-02 Thread Paul Ebersman
ebersman> So your grand scheme is vixie> decorum? No objections here if you succeed. :) ebersman> ... to limit who can get v6 PTRs and that will be the new ebersman> standard of whether or not you're tall enough to send email ebersman> with the big boys? vixie> yes. Well, for my $DAYJOB, that

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-02 Thread Paul Vixie
> Paul Ebersman > Sunday, November 02, 2014 7:55 AM > ... > So your grand scheme is decorum? > ... to limit who can get v6 PTRs and that will be > the new standard of whether or not you're tall enough to send email with > the big boys? yes. > How's that worked out

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-02 Thread Paul Ebersman
ebersman> I don't even know how many broken sites there are and I don't ebersman> care to waste valuable staff time tilting at this ebersman> windmill. ... vixie> no worries. meanwhile i'm going to try to build an internet that vixie> can grow for 200 more years. Suddenly being "socially respons

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-02 Thread John Levine
>but, separately from that, if PTR's have high and low uses, we should >document that, so that NYT (or whomever) ... Can whoever mentioned the NY Times offer more clues about what they're rejecting? My cable connection happens to have IPv6 with no rDNS, and I can't even find a v6 address at the T

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-01 Thread Paul Vixie
> Paul Ebersman > Saturday, November 01, 2014 8:08 PM > ... > > Hate to rain on your parade but this isn't going to happen. that's what folks told me about source address validation when they heard about SAC004. my quest continues. > I don't even know how many bro

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-01 Thread Paul Ebersman
vixie> if there were an RFC (let's be charitable and assume it would vixie> have to be an FYI due to lack of consensus) that gave reasons why vixie> PTR's would be needed and reasons why the absence might be better vixie> (so, internet access vs. internet service), then that RFC might vixie> give

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-01 Thread Paul Vixie
> John Levine > Saturday, November 01, 2014 1:51 PM >> I entirely agree ... the fact that reverse DNS works as a heuristic (and >> not an especially key heuristic) for IPv4 is not a reason for the >> considerable effort required to try and make it work as an equally >>

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-01 Thread John R Levine
There is a heuristic that says any host which is intended to act as a server visible to hosts on the public Internet should have matching forward and reverse DNS. (It does not say the converse; the presence of DNS doesn't mean a host is good, the absence means it's bad.) This seems to me to be p

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-01 Thread Paul Wouters
On Sat, 1 Nov 2014, John Levine wrote: I entirely agree ... the fact that reverse DNS works as a heuristic (and not an especially key heuristic) for IPv4 is not a reason for the considerable effort required to try and make it work as an equally flawed heuristic on IPv6. There is a heuristic

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-01 Thread John Levine
>I entirely agree ... the fact that reverse DNS works as a heuristic (and >not an especially key heuristic) for IPv4 is not a reason for the >considerable effort required to try and make it work as an equally >flawed heuristic on IPv6. There is a heuristic that says any host which is intended to

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Mark Andrews
In message <16VeoWCqs8UUFA$s...@highwayman.com>, Richard Clayton writes: > In message <5453adcd.7090...@redbarn.org>, Paul Vixie > writes > > >and yet, every proposal i've seen concerning IPv6 PTR screams silently, > >"PTR is an old-internet c

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Richard Clayton
In message <5453adcd.7090...@redbarn.org>, Paul Vixie writes >and yet, every proposal i've seen concerning IPv6 PTR screams silently, >"PTR is an old-internet concept which no longer applies." it's as if we >were trying to placate a bunch of apps tha

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul Vixie
> Paul Wouters > Friday, October 31, 2014 9:29 AM > On Fri, 31 Oct 2014, Paul Vixie wrote: > >> if you have a business grade connection to the internet, you should be >> able to establish a PTR for each real host. > > Oh, you want me to pay an additional $2000/month to use

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul Wouters
On Fri, 31 Oct 2014, Paul Vixie wrote: if you have a business grade connection to the internet, you should be able to establish a PTR for each real host. Oh, you want me to pay an additional $2000/month to use IPv6 with email. in other words i didn't relegate your address to third party stat

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul Vixie
> Paul > Friday, October 31, 2014 6:50 AM > Not sure why Paul Vixie wants to relegate my IPv6 address to third > class citizen that's not good enough to be a peer on the Internet for > port 25. your question is a non sequitur. i have no such desire. > I'd ask him, but his

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul Vixie
> Bob Harold > Friday, October 31, 2014 6:02 AM > > ... > > I recall running into applications that refused to accept connections > (or took a very long time) if the reverse DNS lookup was not found. > If memory serves, telnet and ssh on some hosts. Do we know if the

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread John Levine
>Not sure why Paul Vixie wants to relegate my IPv6 address to third class >citizen that's >not good enough to be a peer on the Internet for port 25. I'd ask him, but his >mail server >refuses my email due to my ISP's lack of reverse IPv6 :p > >I'm all for anti-spam heuristics, but checking the rev

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul
Not sure why Paul Vixie wants to relegate my IPv6 address to third class citizen that's not good enough to be a peer on the Internet for port 25. I'd ask him, but his mail server refuses my email due to my ISP's lack of reverse IPv6 :p I'm all for anti-spam heuristics, but checking the reverse i

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Andreas Gustafsson
Bob Harold wrote: > I recall running into applications that refused to accept connections (or > took a very long time) if the reverse DNS lookup was not found. If memory > serves, telnet and ssh on some hosts. Do we know if there are still > applications like that? Ubuntu has a long-standing bug

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Bob Harold
On Fri, Oct 31, 2014 at 1:28 AM, Paul Vixie wrote: > ... > > i suggest an efficiency improvement: don't manufacture these PTR's in the > first place. let last-mile devices be PTR-free. signal to anti-spam folks, > such as myself, by this method, that these are not real "hosts" and should > not be

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-30 Thread Paul Vixie
> Doug Barton > Thursday, October 30, 2014 9:00 PM > > > Of course not, but it is one that the ISP makes, and that distinction > is useful to the anti-spam folks. IETF should not be making judgements as to what an ISP will value, because not all ISP's behave as you de

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-30 Thread Doug Barton
On 10/30/14 6:02 PM, Ted Lemon wrote: On Oct 30, 2014, at 6:05 PM, Doug Barton wrote: 1. "Residential" users, or more specifically, those who will not be/should not be running services on their addresses This is not a value judgment the IETF should be making. Of course not, but it is one t

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-30 Thread Ted Lemon
On Oct 30, 2014, at 6:05 PM, Doug Barton wrote: > 1. "Residential" users, or more specifically, those who will not be/should > not be running services on their addresses This is not a value judgment the IETF should be making.

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-30 Thread Mark Andrews
In message , Lee Howard writes: > > > On 10/23/14 5:17 PM, "Mark Andrews" wrote: > > > > >In message , Lee Howard writes: > >> > >> From: Mwendwa Kivuva > >> Date: Thursday, October 23, 2014 7:23 AM > >> To: dnsop

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-30 Thread Doug Barton
Lee, I don't see any discussion in your draft about why rDNS is needed in this space. IME there are typically 2 use cases: 1. "Residential" users, or more specifically, those who will not be/should not be running services on their addresses 2. "Commercial" users, who may be running things

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-30 Thread Warren Kumari
On Thu, Oct 30, 2014 at 5:26 PM, Lee Howard wrote: > > > On 10/23/14 5:17 PM, "Mark Andrews" wrote: > >> >>In message , Lee Howard writes: >>> >>> From: Mwendwa Kivuva >>> Date: Thursday, October 23, 2014 7:23 AM >>> To

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-30 Thread Lee Howard
On 10/23/14 5:17 PM, "Mark Andrews" wrote: > >In message , Lee Howard writes: >> >> From: Mwendwa Kivuva >> Date: Thursday, October 23, 2014 7:23 AM >> To: dnsop >> Subject: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service >>Pr

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-24 Thread Masataka Ohta
P Vixie wrote: > Ohta-san, like you I would like to see stateless address auto > configuration for ipv6 (SLAAC) die in a fire. Sadly this outcome is > beyond our powers. Not necessarily. > Let's start from where we are, no matter how unpleasant that place > may be. Vixie From where we are, f

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread P Vixie
Ohta-san, like you I would like to see stateless address auto configuration for ipv6 (SLAAC) die in a fire. Sadly this outcome is beyond our powers. Let's start from where we are, no matter how unpleasant that place may be. Vixie

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread Masataka Ohta
Paul Vixie wrote: > william simpson was right in 1996. we should have moved "get host > name corresponding to IP" to ICMP. the problems described by lee > howard's draft are proof that our whole model is wrong. Wrong. What's wrong is SLAAC, which is stateful in the worst possible fashion with d

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread Paul Vixie
> Ted Lemon > Thursday, October 23, 2014 11:16 AM > > Right, 'cuz there's nothing at all difficult about getting ICMP to > work... :) understood. but that's part of what makes this a good solution. systems need to learn to live with hosts whose names they cannot gu

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread Ted Lemon
On Oct 23, 2014, at 1:50 PM, Paul Vixie wrote: > william simpson was right in 1996. we should have moved "get host name > corresponding to IP" to ICMP. the problems described by lee howard's draft > are proof that our whole model is wrong. Right, 'cuz there's nothing at all difficult about gett

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread Paul Vixie
> Ted Lemon > Thursday, October 23, 2014 7:02 AM > > For me at least the main values of the reverse DNS are: > > - answers the question "what host is contacting me" in situations > where I am _not_ under attack, which is really useful in logs and > other debugging a

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread Lee Howard
From: Mwendwa Kivuva Date: Thursday, October 23, 2014 7:23 AM To: dnsop Subject: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers > Referring to the draft by Lee Howard > https://tools.ietf.org/html/draft-howard-dnsop-ip6rdns-00 > > and given the weakness of

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread Ted Lemon
On Oct 23, 2014, at 7:23 AM, Mwendwa Kivuva wrote: > and given the weakness of the Reverse DNS access for security purposes, what > problem is this draft trying to solve? If we need to find the host that has > sent an email associated with an address, would we better let DKIM address > that wit

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread Hosnieh Rafiee
and given the weakness of the Reverse DNS access for security purposes, what problem is this draft trying to solve? If we need to find the host that has sent an email associated with an address, would we better let DKIM address that without a separate lookup in the receiving server? DKIM detec

[DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-23 Thread Mwendwa Kivuva
Referring to the draft by Lee Howard https://tools.ietf.org/html/draft-howard-dnsop-ip6rdns-00 and given the weakness of the Reverse DNS access for security purposes, what problem is this draft trying to solve? If we need to find the host that has sent an email associated with an address, would we