nanog mailing list archives

Re: comcast ipv6 PTR - DNSSEC


From: bmanning () vacation karoshi com
Date: Tue, 15 Oct 2013 03:45:05 +0000

On Mon, Oct 14, 2013 at 10:18:15PM -0500, Jimmy Hess wrote:
On Mon, Oct 14, 2013 at 10:01 PM, Barry Shein <bzs () world std com> wrote:


This would be a lot of work, so nobody does it.
If someone asks for the rdns for:
  2001:0db8:85a3:0042:1000:8a2e:0370:7334
it's a lot of work for example.com to return something like:
  2001-0db8-85a3-0042-1000-8a2e-0370-7334.example.com
?


No... it's not a lot of work; the problem is, it's maybe worth even
less than the amount of work involved though.

What piece of information is being expressed there that would not be
expressed by a NXDOMAIN response?

Assuming the user is residential, ".example.com" pertains to the ISP,
not the hostname at that IP address. The ISP's info is accessible via
services such as WHOIS-RWS.


How about some wildcard PTR record?

*.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa     PTR     unnamedhost.example.com.

It's equally useless; and conveys equally limited information about the
host.

However, at least it doesn't generate spurious records that are just (IP
repeated).(domain)

-- 
-JH


        Forward domains and Reverse domains are often managed by different 
        organizations - so if you were a paranoid validator, wanting to check 
        that the name was from the correct place, you'd want to do DNSSEC 
        validation on both the name and the address.

        Not going to weigh in on the value proposition.


/bill
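
An added example, not part of the original thread: it builds the ip6.arpa owner name and the synthesized PTR target for the address quoted above, tests whether the quoted wildcard covers it, and applies the "paranoid validator" rule of requiring both the reverse and the forward answer to be DNSSEC-validated. The answer dictionaries and the status strings are assumptions standing in for a validating resolver's results; no DNS queries are made.

```python
import ipaddress

ADDR = "2001:0db8:85a3:0042:1000:8a2e:0370:7334"   # address from the thread
WILDCARD = "*.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa"     # wildcard owner from the thread

def reverse_name(addr):
    """Nibble-reversed ip6.arpa owner name that a PTR query asks for."""
    return ipaddress.IPv6Address(addr).reverse_pointer

def synthesized_target(addr, domain):
    """The '(IP repeated).(domain)' PTR target discussed in the thread."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "-") + "." + domain

def wildcard_covers(owner, addr):
    """True if the wildcard owner would answer for addr's reverse name.
    Simplified: assumes no other names exist below the wildcard's parent."""
    if not owner.startswith("*."):
        return False
    suffix = owner[1:].rstrip(".").lower()   # keep the leading dot: label boundary
    return reverse_name(addr).endswith(suffix)

def paranoid_check(addr, ptr, forward):
    """Forward-confirmed reverse lookup that also requires DNSSEC validation of
    both answers. `ptr` and the values of `forward` are hypothetical dicts,
    {"rdata": [...], "validated": bool}, standing in for resolver results."""
    ip = ipaddress.IPv6Address(addr)
    if not ptr["rdata"]:
        return "no-ptr"
    if not ptr["validated"]:
        return "reverse-unvalidated"
    name = ptr["rdata"][0].rstrip(".").lower()
    fwd = forward.get(name, {"rdata": [], "validated": False})
    if not any(ipaddress.IPv6Address(a) == ip for a in fwd["rdata"]):
        return "forward-mismatch"
    if not fwd["validated"]:
        return "forward-unvalidated"
    return "ok"

# Constructed resolver results (not real DNS data).
SYNTH = synthesized_target(ADDR, "example.com")
SIGNED_PTR = {"rdata": [SYNTH + "."], "validated": True}
WILD_PTR = {"rdata": ["unnamedhost.example.com."], "validated": True}
FORWARD_SIGNED = {SYNTH: {"rdata": ["2001:db8:85a3:42:1000:8a2e:370:7334"], "validated": True}}
FORWARD_UNSIGNED = {SYNTH: {"rdata": [ADDR], "validated": False}}

if __name__ == "__main__":
    print(reverse_name(ADDR), wildcard_covers(WILDCARD, ADDR))
    for p, f in ((SIGNED_PTR, FORWARD_SIGNED), (WILD_PTR, FORWARD_SIGNED), (SIGNED_PTR, FORWARD_UNSIGNED)):
        print(paranoid_check(ADDR, p, f))
```

The wildcard answer fails forward confirmation because unnamedhost.example.com has no AAAA record for the queried address in the constructed data, and a signed reverse zone does not help when the forward zone, run by a different organization, is unsigned.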

