RE: [dnsop] Re: Review of draft-ietf-dnsop-inaddr-required
Daniel Senie <dts@senie.com> Mon, 30 January 2006 14:54 UTC
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F3aQW-0006re-Qb for dnsop-archive@megatron.ietf.org; Mon, 30 Jan 2006 09:54:51 -0500
Received: from mailapps.uoregon.edu (mailapps.uoregon.edu [128.223.142.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA28461 for <dnsop-archive@lists.ietf.org>; Mon, 30 Jan 2006 09:52:56 -0500 (EST)
Received: from mailapps.uoregon.edu (IDENT:U2FsdGVkX18aIG2xb2mX4lgIRqJmnyV157RatZ46K9c@localhost [127.0.0.1]) by mailapps.uoregon.edu (8.13.5/8.13.5) with ESMTP id k0UDxlKQ013619; Mon, 30 Jan 2006 05:59:47 -0800
Received: (from majordom@localhost) by mailapps.uoregon.edu (8.13.5/8.13.5/Submit) id k0UDxlRK013618; Mon, 30 Jan 2006 05:59:47 -0800
Received: from parsley.amaranth.net (parsley.amaranth.net [204.10.1.23]) by mailapps.uoregon.edu (8.13.5/8.13.5) with ESMTP id k0UDxkPQ013612 for <dnsop@lists.uoregon.edu>; Mon, 30 Jan 2006 05:59:47 -0800
Received: from ancho.senie.com (c-24-34-19-2.hsd1.ma.comcast.net [24.34.19.2]) (authenticated bits=0) by parsley.amaranth.net (8.12.11/8.12.11) with ESMTP id k0UDxdwA012469 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 30 Jan 2006 08:59:42 -0500
Message-Id: <6.2.5.6.2.20060130085048.078ebbe8@senie.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Mon, 30 Jan 2006 08:56:53 -0500
To: Brett Carr <brettcarr@ripe.net>, 'Stephane Bortzmeyer' <bortzmeyer@nic.fr>, 'Andrew Sullivan' <andrew@ca.afilias.info>
From: Daniel Senie <dts@senie.com>
Subject: RE: [dnsop] Re: Review of draft-ietf-dnsop-inaddr-required
Cc: dnsop@lists.uoregon.edu
In-Reply-To: <20060130123934.5D3A12F583@herring.ripe.net>
References: <20060130084113.GA12773@nic.fr> <20060130123934.5D3A12F583@herring.ripe.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Virus-Scanned: ClamAV 0.88/1260/Mon Jan 30 02:41:27 2006 on mailapps
X-Virus-Scanned: ClamAV version 0.87.1, clamav-milter version 0.87 on parsley.amaranth.net
X-Virus-Status: Clean
Sender: owner-dnsop@lists.uoregon.edu
Precedence: bulk
At 07:40 AM 1/30/2006, Brett Carr wrote: > > -----Original Message----- > > From: owner-dnsop@lists.uoregon.edu > > [mailto:owner-dnsop@lists.uoregon.edu] On Behalf Of Stephane > > Bortzmeyer > > Sent: Monday, January 30, 2006 9:41 AM > > To: Andrew Sullivan > > Cc: dnsop@lists.uoregon.edu > > Subject: [dnsop] Re: Review of draft-ietf-dnsop-inaddr-required > > > > On Fri, Jan 27, 2006 at 05:32:57PM -0500, Andrew Sullivan > > <andrew@ca.afilias.info> wrote a message of 54 lines which said: > > > > > The discussion in section 3 notes that there are a number of > > > unfortunate consequences of missing IN-ADDR. It seems to > > me therefore > > > that the recommendations in section 4 come out as a little too > > > ambivalent: the suggestion appears to be that IN-ADDR is a > > good thing, > > > but that people shouldn't really use it. > > > > If I may, IMHO, the real issue is not wether PTR are good or > > not but "Are people able to create and modify them?" and the > > answer is NO for many cases. > >I would say in the majority of cases most end users (by this I mean >businesses willing and able to run their own stable dns servers) are able to >get reverse delegation from their network provider. >What are these cases, maybe we can address the problem of what causes this >inability to provide reverse delegation. > > > Because, even if you love PTR and you want to add them, you > > depend on persons above (in the DNS reverse tree) you. I > > deeply regret that the draft does not emphasize this problem > > (may be because IETFers are typically working near the > > ".arpa" apex and do not see the problems of the poor guys at > > the bottom of the tree). > >Then maybe this problem also needs addressing in a separate draft, but I >don't think that difficulty in obtaining PTR should stop us encouraging the >use of it. I concur on this. The reality is some regions of the world have little trouble with this, while others have a lot. Similarly some classes of connectivity have more trouble than others. That some large broadband providers, in their quest to race to the bottom of the pricing heap, have no margin left to service business customers adequately is a business problem, not a protocol problem. The point of this document, or any other BCP-tracked document, is to recommend how things should be done, not to explain how to live with things as they are. BCP38 is a good example of this. There are lots of folks who still don't want to do ingress filtering, yet there are many who do it and it helps. Should we not have published BCP38 because the recommendations require much cooperation to be effective or that some network operators won't cooperatively implement it? Having a BCP say "this is the preferred way to do something" would in this instance provide those not getting PTR record control from their ISPs with something to point to, saying "it'd be nice if you gave us a way to do PTR record work, so that we can comply with BCP xxx" or some such. > > > > Therefore, mandating the use of PTR records is a Bad Thing. > > > >Well I would also say that maybe this document is badly titled as it doesn't >seem to mandate the use of PTR so much as encourage it. Please look at the actual title in the draft, and not the file name. The file naming is historical. The tone and scope has changed significantly since the first draft, to tone done the requirement aspect. >Taken from the Introduction: > >"This document both encourages the presence of these mappings and >discourages reliance on such mappings for security checks." > > > > [I can add that getting a ip6.arpa or in-addr.arpa delegation > > from above is more difficult in some parts of the world. > > Mandating PTR records means banning Africa, for instance.] > > > >Well I don't think any of us wants to see moves that would ban users In >Africa from using the internet however I still say encouraging users to use >reverse mappings where they are able to do so (especially in areas of >Internet growth such as Africa) is an important message. > >Brett > >-- >Brett Carr RIPE Network Coordination Centre >Systems Engineer -- Operations Group Amsterdam, Netherlands >GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 > > >. >dnsop resources:_____________________________________________________ >web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html >mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
- [dnsop] Review of draft-ietf-dnsop-inaddr-required Andrew Sullivan
- [dnsop] Re: Review of draft-ietf-dnsop-inaddr-req… Stephane Bortzmeyer
- [dnsop] Re: Review of draft-ietf-dnsop-inaddr-req… Andrew Sullivan
- RE: [dnsop] Re: Review of draft-ietf-dnsop-inaddr… Brett Carr
- [dnsop] Re: Review of draft-ietf-dnsop-inaddr-req… 'Stephane Bortzmeyer'
- Re: [dnsop] Re: Review of draft-ietf-dnsop-inaddr… Jim Reid
- RE: [dnsop] Re: Review of draft-ietf-dnsop-inaddr… Daniel Senie
- Re: [dnsop] Re: Review of draft-ietf-dnsop-inaddr… Andras Salamon
- [dnsop] Re: Review of draft-ietf-dnsop-inaddr-req… Stephane Bortzmeyer
- [dnsop] Re: Review of draft-ietf-dnsop-inaddr-req… Jim Reid
- Re: [dnsop] Re: Review of draft-ietf-dnsop-inaddr… Shane Kerr
- Re: [dnsop] Re: Review of draft-ietf-dnsop-inaddr… Måns Nilsson