Re: [SHAME] Spam Rats

[Mark Andrews <marka () isc org>]

In message <20130110053429.55493.qmail () joyce lan>, "John Levine" writes:
> > No point.  address -> name -> address doesn't work with wildcards.
> >
> > > (Still an IPv6 implementation virgin, just curious :) )
>
> If you want to do generic IPv6 rDNS for all your hosts, you're
> stuck with a variety of less than great possibilities.
>
> One is a stunt rDNS server that synthesizes the records on demand.
> (Bonus points for doing DNSSEC, too. Double bonus points for doing
> NSEC3.)

NSEC3 is a waste of time in ip6.arpa or any similarly structured
zone so -1000000 for doing NEC3 and effectively doing a DoS attack
against yourself and the client resolvers.

> Another is instrumenting the routers so that when they notice
> a new host on their network, they somehow send an update to the DNS
> servers to install rDNS for that host.
>
> If I had to guess, I would say that we'll eventually agree than on
> IPv6 networks, mail servers and other hosts who have reputations that
> matter will have fixed addresses assigned statically or via DHCP and
> rDNS, random client hosts won't.  Teeth will gnash at how this makes
> some hosts second class and it violates the end to end principle, but
> tough noogies.
>
> R's,
> John
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org