nanog mailing list archives
Re: comcast ipv6 PTR
From: Bjørn Mork <bjorn () mork no>
Date: Tue, 15 Oct 2013 18:20:40 +0200
Joe Abley <jabley () hopcount ca> writes:
> On 2013-10-15, at 10:57, Bjørn Mork <bjorn () mork no> wrote:
>
>> Mark Andrews <marka () isc org> writes:
>>
>>> People keep saying the PTR records don't mean anything yet still demand really strong authentication for updates of PTR records. TCP is more than a strong enough authenticator to support update from self.
>>
>> This sounded like an excellent idea at first, but then I started thinking: As a home user, would I really want to give anyone with access to my network the right to change my reverse delegation?
>
> I think what you'd be doing is giving anybody you have assigned an IPv6 address to the ability to update the PTR (or a delegation, since Mark suggested that too) for that particular address. So, it's not "my reverse delegation", it's "my 2^80 or fewer reverse delegations" (if you've been assigned a /48).
Ah, right. I understood the proposal as "any address within the /48 can update the delegation for the /48 reverse". But if that would be 2^80 distinct delegations or PTRs, then I am worrying about luser stupidity and the ability to DoS the name server. I guess this can be combined with some sort of limit, making it fly?

Still don't see the advantage of being able to delegate if it's only single address delegations. But allowing a limited number of PTR updates based on TCP sounds like a nice idea. Going to consider that.

For the full /48 delegation I don't see any other option than making it part of a self service portal. But the marketing/product droids usually don't want that sort of "complex" technical stuff for retail users. Probably for good reasons...

In any case: All of you should expect legitimate, technically brilliant users attempting to connect to your SMTP servers from IPv6 addresses with no PTR records. This is not going to go away. You are of course free to refuse those connections, but personally I find that a rather arrogant and pretty stupid decision. The existence of a PTR record is one of many factors to consider for your spam filter. There never has been any reason to make it an absolute requirement, and I am pretty sure the score needs to be lowered with IPv6.

Bjørn

(yes, my mail server has a proper IPv6 reverse record, but that's only because I am in a position to create the reverse delegation....)
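
The limited update-from-self idea discussed in this message, sketched as an added example (not code from the post or from any name server): a PTR update arriving over TCP is accepted only for the ip6.arpa name of the connection's own source address, and each /48 may hold only a capped number of distinct names. The class and function names and the quota of 16 are assumptions; the addresses are constructed from the documentation prefix.

```python
import ipaddress

MAX_PTRS_PER_PREFIX = 16  # assumed quota; the thread names no number
PREFIX_LEN = 48           # assignment size used as the example in the thread


def reverse_name(address):
    """Fully qualified ip6.arpa owner name for an IPv6 address."""
    return ipaddress.IPv6Address(address).reverse_pointer + "."


class SelfUpdatePolicy:
    """Hypothetical server-side check for PTR updates received over TCP."""

    def __init__(self, limit=MAX_PTRS_PER_PREFIX):
        self.limit = limit
        self.held = {}  # /48 network -> set of owner names holding a PTR

    def check(self, tcp_source, owner_name):
        """Return (allowed, reason) for updating owner_name from tcp_source."""
        try:
            expected = reverse_name(tcp_source)
        except ValueError:
            return False, "source is not an IPv6 address"
        # Update from self: the only name a client may touch is the
        # reverse name of the address its TCP connection comes from.
        if owner_name.lower().rstrip(".") + "." != expected:
            return False, "owner name is not the reverse name of the source"
        prefix = ipaddress.IPv6Network(
            (int(ipaddress.IPv6Address(tcp_source)), PREFIX_LEN), strict=False)
        names = self.held.get(prefix, set())
        # Replacing an existing PTR is free; a new name consumes quota,
        # which bounds how much zone data one customer prefix can create.
        if expected not in names and len(names) >= self.limit:
            return False, "per-prefix PTR quota reached"
        self.held.setdefault(prefix, set()).add(expected)
        return True, "ok"


if __name__ == "__main__":
    policy = SelfUpdatePolicy(limit=2)
    # Constructed sample sources, all inside 2001:db8:1::/48.
    for src in ("2001:db8:1:2::10", "2001:db8:1:3::1", "2001:db8:1:4::1"):
        print(src, policy.check(src, reverse_name(src)))
```
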