nanog mailing list archives
Re: ATTBI refuses to do reverse DNS?
From: woods () weird com (Greg A. Woods)
Date: Tue, 18 Jun 2002 23:23:38 -0400 (EDT)
[ On Tuesday, June 18, 2002 at 17:47:10 (-0400), Daniel Senie wrote: ]
Subject: Re: ATTBI refuses to do reverse DNS? While I believe people SHOULD be providing INADDR service, the people hurt by refusing connections are rarely the ones who have any influence.
On the contrary! The people who are supposedly hurt here are those who ultimately have the most influence. In the end they can vote with their wallets even if they can't edit the appropriate zone files directly. (And the whole idea behind DNS trust really revolves around having two different parties agree on the mapping, not in simply allowing the user to edit their own reverse DNS!)
Just as Network Address Translation is not a security solution, neither is checking INADDR.
I don't think anyone has said that DNS consistency is a security solution. You keep confusing these concepts I think. It's only one tiny part of the picture. Fully consistent DNS only increases the level of trust you can have in the hostnames used. Since hostnames are supposed to be more stable than IP addresses, you _want_ to have more trust in the hostnames, but with current protocols you cannot unless there is full consistency between forward and reverse lookups.
Now if you check INADDR over Secure DNS, you might start having some level of information to trust.
We can only hope, but I'll believe it when I see it. -- Greg A. Woods +1 416 218-0098; <gwoods () acm org>; <g.a.woods () ieee org>; <woods () robohack ca> Planix, Inc. <woods () planix com>; VE3TCP; Secrets of the Weird <woods () weird com>
Current thread:
- ATTBI refuses to do reverse DNS? Lou Katz (Jun 18)
- Re: ATTBI refuses to do reverse DNS? brett watson (Jun 18)
- Re: ATTBI refuses to do reverse DNS? Daniel Senie (Jun 18)
- Re: ATTBI refuses to do reverse DNS? Greg A. Woods (Jun 18)
- Re: ATTBI refuses to do reverse DNS? David Schwartz (Jun 18)
- Re: ATTBI refuses to do reverse DNS? Stephen Griffin (Jun 18)
- Re: ATTBI refuses to do reverse DNS? Daniel Senie (Jun 18)
- Re: ATTBI refuses to do reverse DNS? Greg A. Woods (Jun 18)
- Re: ATTBI refuses to do reverse DNS? Chris Woodfield (Jun 19)
- Re: ATTBI refuses to do reverse DNS? Greg A. Woods (Jun 19)
- Cable as Common Carrier (was Re: ATTBI refuses to do reverse DNS?) Robert A. Hayden (Jun 19)
- Re: ATTBI refuses to do reverse DNS? Chris Woodfield (Jun 19)
- Re: ATTBI refuses to do reverse DNS? Daniel Senie (Jun 19)
- Re: ATTBI refuses to do reverse DNS? Frank P. Tower (Jun 19)
- Re: ATTBI refuses to do reverse DNS? Greg A. Woods (Jun 18)
- RE: ATTBI refuses to do reverse DNS? Jim Popovitch (Jun 19)
- Re: ATTBI refuses to do reverse DNS? Stephen Griffin (Jun 19)
- Re: ATTBI refuses to do reverse DNS? Stephen Sprunk (Jun 18)
- Re: ATTBI refuses to do reverse DNS? Jared Mauch (Jun 18)