Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6rdns-03.txt
Lee Howard <lee@asgard.org> Wed, 15 March 2017 20:37 UTC
Return-Path: <lee@asgard.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9BEF131826 for <dnsop@ietfa.amsl.com>; Wed, 15 Mar 2017 13:37:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.394
X-Spam-Level:
X-Spam-Status: No, score=-5.394 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.796, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HvkMRDh9eEeM for <dnsop@ietfa.amsl.com>; Wed, 15 Mar 2017 13:37:44 -0700 (PDT)
Received: from atl4mhob12.myregisteredsite.com (atl4mhob12.myregisteredsite.com [209.17.115.50]) by ietfa.amsl.com (Postfix) with ESMTP id 1FA67131831 for <dnsop@ietf.org>; Wed, 15 Mar 2017 13:37:43 -0700 (PDT)
Received: from mailpod.hostingplatform.com ([10.30.71.204]) by atl4mhob12.myregisteredsite.com (8.14.4/8.14.4) with ESMTP id v2FKbfZ3020585 for <dnsop@ietf.org>; Wed, 15 Mar 2017 16:37:41 -0400
Received: (qmail 2850 invoked by uid 0); 15 Mar 2017 20:37:41 -0000
X-TCPREMOTEIP: 68.100.68.25
X-Authenticated-UID: lee@asgard.org
Received: from unknown (HELO ?192.168.1.160?) (lee@asgard.org@68.100.68.25) by 0 with ESMTPA; 15 Mar 2017 20:37:39 -0000
User-Agent: Microsoft-MacOutlook/14.7.2.170228
Date: Wed, 15 Mar 2017 16:37:35 -0400
From: Lee Howard <lee@asgard.org>
To: dnsop@ietf.org
Message-ID: <D4EF170B.700A9%lee@asgard.org>
Thread-Topic: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6rdns-03.txt
References: <148960242305.14237.6433299035570274359@ietfa.amsl.com>
In-Reply-To: <148960242305.14237.6433299035570274359@ietfa.amsl.com>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5ORrQ12ZCxHK54PatEvmwJmLI_8>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6rdns-03.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2017 20:37:46 -0000
This was posted a couple of weeks ago, but got wedged in systems. Diff is at https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-isp-ip6rdns-03 I think this version is responsive to all of the comments from the previous WGLC. Some specific changes: 1. I do not think there is consensus that having PTRs is or is not a best practice, so emphasizing the lack of consensus lets us move on to what an ISP can do, if they care to do anything. The first paragraph has been overhauled to say "While the need for a PTR record and for it to match is debatable as a best practice, some network services [see Section 3] still do rely on PTR lookups, and some check the source address of incoming connections and verify that the PTR and A records match before providing service.² The same theme is supported by watering the second paragraph: ³ Administrators at ISPs should consider whether customer PTR records are needed, and if so, evaluate methods for responding to reverse DNS queries in IPv6." 2. Privacy considerations. Added section: 6. Privacy Considerations Given considerations in [hostname], hostnames that provide information about a user compromises that user's privacy. Some users may want to identify their hosts using user-specified hostnames, but the default behavior should not be to identify a user, their location, their connectivity, or other information in a PTR record. I¹ve also changed the example PTRs from ³user.town.AW.² to ³string.region." 3. Dynamic DNS, on how to find a dDNS server Ammended the sentence: There is no standard way to indicate to a host what server it should send dDNS updates to; the master listed in the SOA is often assumed to be a dDNS server, but this may not scale. 4. Manual user updates. Inserted a section on this: It is possible to create a user interface, such as a web page, that would allow end users to enter a hostname to associate with an address. Such an interface would need to be authenticated (only the authorized user could add/change/delete entries). It would need to specify only the host bits if the ISP changes prefixes assigned to customers, and the back end would therefore need to be integrated with prefix assignments, so that when a new prefix was assigned to a customer, the DNS service would look up user-generated hostnames and delete the old record and create the new one. Considerations about some records being static and others dynamic or dynamically generated (section 2.5) and the creativity of users (section 2.3) still apply. Also inserted a note inside ³on the fly² records: It may be possible to allow user-specified hostnames for some records and generate others on the fly; looking up a record before generating on the fly may slow responses or may not scale well. 5. One more use case: "Service discovery: [RFC6763] specifies "DNS-based Service Discovery" and section 11 specifically describes how PTRs are used." 6. Noted that several servers are capable of DNS on-the-fly and removed concerns about load. A couple of comments to which this document is not responsive: I did not make any changes proposing new solutions: this is an operations document, not a technical spec. I did not describe what additional applications do when there¹s no PTR; there are six examples. I did not revise the paragraph on negative response; I couldn¹t think how to make the difference between timeout (lame) and NXDomain clearer. In reading these notes I see I¹ve used different capitalization; oops. I did not insist that ISPs must allow residential users to host mail servers, or provide static addresses; it is out of scope. The point of this document is that ISPs deploying IPv6 keep (still!) saying, ³What do we do about PTRs?² If somebody wants to propose a new technical solution, I encourage them to do so; I¹m not up to it. A lot of people think PTRs for residential users; while I sympathize with that position, I am certain that there is not consensus on that point, and therefore we cannot say it is stupid in a consensus document. Since these changes are substantive and substantial, there should be another WGLC. Please comment! No need to wait for WGLC! Thanks, Lee On 3/15/17, 2:27 PM, "dnsop-bounces@ietf.org on behalf of internet-drafts@ietf.org" <dnsop-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote: > >A New Internet-Draft is available from the on-line Internet-Drafts >directories. >This draft is a work item of the Domain Name System Operations of the >IETF. > > Title : Reverse DNS in IPv6 for Internet Service >Providers > Author : Lee Howard > Filename : draft-ietf-dnsop-isp-ip6rdns-03.txt > Pages : 14 > Date : 2017-03-04 > >Abstract: > In IPv4, Internet Service Providers (ISPs) commonly provide IN- > ADDR.ARPA information for their customers by prepopulating the zone > with one PTR record for every available address. This practice does > not scale in IPv6. This document analyzes different approaches and > considerations for ISPs in managing the ip6.arpa zone for IPv6 > address space assigned to many customers. > > >The IETF datatracker status page for this draft is: >https://datatracker.ietf.org/doc/draft-ietf-dnsop-isp-ip6rdns/ > >There's also a htmlized version available at: >https://tools.ietf.org/html/draft-ietf-dnsop-isp-ip6rdns-03 > >A diff from the previous version is available at: >https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-isp-ip6rdns-03 > > >Please note that it may take a couple of minutes from the time of >submission >until the htmlized version and diff are available at tools.ietf.org. > >Internet-Drafts are also available by anonymous FTP at: >ftp://ftp.ietf.org/internet-drafts/ > >_______________________________________________ >DNSOP mailing list >DNSOP@ietf.org >https://www.ietf.org/mailman/listinfo/dnsop >
- [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6rdns-… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Lee Howard
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Philip Homburg
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Lee Howard
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Andrew Sullivan
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Lee Howard
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Philip Homburg
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… John Levine
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Bjørn Mork
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Lee Howard
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… John R Levine
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… John R Levine
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Philip Homburg
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6r… Woodworth, John R