Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping"

Andrew Sullivan <ajs@commandprompt.com> Sun, 30 March 2008 15:55 UTC

Date: Sun, 30 Mar 2008 11:55:04 -0400
From: Andrew Sullivan <ajs@commandprompt.com>
To: dnsop@ietf.org
Message-ID: <20080330155503.GB780@commandprompt.com>
References: <20080314034500.GE7553@x27.adm.denic.de> <m2fxualb3y.wl%Jinmei_Tatuya@isc.org>
In-Reply-To: <m2fxualb3y.wl%Jinmei_Tatuya@isc.org>
Subject: Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping"

Hello,

On Fri, Mar 28, 2008 at 03:47:29PM -0700, JINMEI Tatuya / 神明達哉 wrote:

>    Starting from a given IPv4 address (possibly the result of a query
>    for an A RR), the term "existing reverse data" means that a query for
>    <reversed-ip4-address>.in-addr.arpa. type PTR results in a response
>    other than Name Error.
> 
> I don't think this definition is 100% appropriate.  Consider the case
> where a PTR RR is not provided for <reversed-ip4-address>.in-addr.arpa
> but some other type of RR (e.g. TXT) is.  

(And similar).  Excellent point.  Thanks very much!

Given the discussion later in this thread, the definitions seem still
to need more work.  I'll try to put final proposed text together.
I've opened issue 20 for this.

> 2. In Section 2.1 (last line of page 4)
> 
>    attacker could acquire access either by by putting the target host

Thanks.  I've fixed this in the source.

Best regards,

A

-- 
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/
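
Added example, not part of the original message or of the draft: it applies the quoted definition literally ("a response other than Name Error") to three constructed responses to a PTR query, including the case raised above where the name exists but holds no PTR record, which a server answers with NOERROR and an empty answer section. All function names and the sample messages are assumptions made for illustration.

```python
import ipaddress
import struct

NOERROR, NXDOMAIN, TYPE_PTR, CLASS_IN = 0, 3, 12, 1

def reverse_qname(ipv4):
    # <reversed-ip4-address>.in-addr.arpa. for a dotted-quad address
    return ipaddress.IPv4Address(ipv4).reverse_pointer + "."

def encode_name(name):
    labels = [lab for lab in name.split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def make_response(qname, rcode, ptr_target=""):
    # Constructed sample response to a PTR query (not captured traffic).
    question = encode_name(qname) + struct.pack("!HH", TYPE_PTR, CLASS_IN)
    answer = b""
    if ptr_target:
        rdata = encode_name(ptr_target)
        # 0xC00C: compression pointer to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, TYPE_PTR, CLASS_IN, 300, len(rdata)) + rdata
    flags = 0x8180 | rcode  # QR, RD, RA set
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if answer else 0, 0, 0) + question + answer

def skip_name(msg, off):
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def classify(msg):
    # Returns (kind, existing): existing follows the quoted wording,
    # "a response other than Name Error".
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, has_ptr = flags & 0x000F, 12, False
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        has_ptr = has_ptr or rtype == TYPE_PTR
        off += 10 + rdlen
    if rcode == NXDOMAIN:
        kind = "name-error"
    else:
        kind = ("ptr" if has_ptr else "nodata") if rcode == NOERROR else "rcode-%d" % rcode
    return kind, rcode != NXDOMAIN
```

Under that wording the "nodata" response counts as existing reverse data even though no PTR record is returned, as does any other non-NXDOMAIN rcode.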