IETF Logo Mail Archive

RE: [dnsop] Re: Review of draft-ietf-dnsop-inaddr-required

"Brett Carr" <brettcarr@ripe.net> Mon, 30 January 2006 13:31 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F3Z84-0000ME-Qz for dnsop-archive@megatron.ietf.org; Mon, 30 Jan 2006 08:31:37 -0500
Received: from mailapps.uoregon.edu (mailapps.uoregon.edu [128.223.142.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA22918 for <dnsop-archive@lists.ietf.org>; Mon, 30 Jan 2006 08:30:00 -0500 (EST)
Received: from mailapps.uoregon.edu (IDENT:U2FsdGVkX19QJdPf/myJKX7EpNVuNgYHemRMpuF9m3M@localhost [127.0.0.1]) by mailapps.uoregon.edu (8.13.5/8.13.5) with ESMTP id k0UCdfOP012588; Mon, 30 Jan 2006 04:39:41 -0800
Received: (from majordom@localhost) by mailapps.uoregon.edu (8.13.5/8.13.5/Submit) id k0UCdfct012587; Mon, 30 Jan 2006 04:39:41 -0800
Received: from postman.ripe.net (postman.ripe.net [193.0.0.199]) by mailapps.uoregon.edu (8.13.5/8.13.5) with ESMTP id k0UCdeQ0012582 for <dnsop@lists.uoregon.edu>; Mon, 30 Jan 2006 04:39:41 -0800
Received: by postman.ripe.net (Postfix, from userid 4008) id 751E524165; Mon, 30 Jan 2006 13:39:35 +0100 (CET)
Received: from herring.ripe.net (herring.ripe.net [193.0.1.203]) by postman.ripe.net (Postfix) with ESMTP id 608922415A; Mon, 30 Jan 2006 13:39:34 +0100 (CET)
Received: from brettxp2 (brett-xp2.singel.ripe.net [193.0.2.180]) by herring.ripe.net (Postfix) with ESMTP id 5D3A12F583; Mon, 30 Jan 2006 13:39:34 +0100 (CET)
From: Brett Carr <brettcarr@ripe.net>
To: 'Stephane Bortzmeyer' <bortzmeyer@nic.fr>, 'Andrew Sullivan' <andrew@ca.afilias.info>
Cc: dnsop@lists.uoregon.edu
Subject: RE: [dnsop] Re: Review of draft-ietf-dnsop-inaddr-required
Date: Mon, 30 Jan 2006 13:40:48 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcYlg7x+EH4Fe0I7SZ+QZGmYRclaxwAFP0/Q
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <20060130084113.GA12773@nic.fr>
Message-Id: <20060130123934.5D3A12F583@herring.ripe.net>
X-RIPE-Spam-Tests: BAYES_00,MSGID_FROM_MTA_ID
X-RIPE-Spam-Status: N 0.063471 / -0.9
X-RIPE-Signature: 1fb4f126abffa8ee75c31638c98b3bd7
X-Virus-Scanned: ClamAV 0.88/1260/Mon Jan 30 02:41:27 2006 on mailapps
X-Virus-Status: Clean
Sender: owner-dnsop@lists.uoregon.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

> -----Original Message-----
> From: owner-dnsop@lists.uoregon.edu 
> [mailto:owner-dnsop@lists.uoregon.edu] On Behalf Of Stephane 
> Bortzmeyer
> Sent: Monday, January 30, 2006 9:41 AM
> To: Andrew Sullivan
> Cc: dnsop@lists.uoregon.edu
> Subject: [dnsop] Re: Review of draft-ietf-dnsop-inaddr-required
> 
> On Fri, Jan 27, 2006 at 05:32:57PM -0500,  Andrew Sullivan 
> <andrew@ca.afilias.info> wrote  a message of 54 lines which said:
> 
> > The discussion in section 3 notes that there are a number of 
> > unfortunate consequences of missing IN-ADDR.  It seems to 
> me therefore 
> > that the recommendations in section 4 come out as a little too 
> > ambivalent: the suggestion appears to be that IN-ADDR is a 
> good thing, 
> > but that people shouldn't really use it.
> 
> If I may, IMHO, the real issue is not wether PTR are good or 
> not but "Are people able to create and modify them?" and the 
> answer is NO for many cases. 

I would say in the majority of cases most end users (by this I mean
businesses willing and able to run their own stable dns servers) are able to
get reverse delegation from their network provider.
What are these cases, maybe we can address the problem of what causes this
inability to provide reverse delegation.

> Because, even if you love PTR and you want to add them, you 
> depend on persons above (in the DNS reverse tree) you. I 
> deeply regret that the draft does not emphasize this problem 
> (may be because IETFers are typically working near the 
> ".arpa" apex and do not see the problems of the poor guys at 
> the bottom of the tree).

Then maybe this problem also needs addressing in a separate draft, but I
don't think that difficulty in obtaining PTR should stop us encouraging the
use of it.

> 
> Therefore, mandating the use of PTR records is a Bad Thing.
> 

Well I would also say that maybe this document is badly titled as it doesn't
seem to mandate the use of PTR so much as encourage it.

Taken from the Introduction:

"This document both encourages the presence of these mappings and
discourages reliance on such mappings for security checks."


> [I can add that getting a ip6.arpa or in-addr.arpa delegation 
> from above is more difficult in some parts of the world. 
> Mandating PTR records means banning Africa, for instance.]
> 

Well I don't think any of us wants to see moves that would ban users In
Africa from using the internet however I still say encouraging users to use
reverse mappings where they are able to do so (especially in areas of
Internet growth such as Africa) is an important message.

Brett

--
Brett Carr                              RIPE Network Coordination Centre
Systems Engineer -- Operations Group    Amsterdam, Netherlands
GPG Key fingerprint = F20D B2A7 C91D E370 44CF  F244 B6A1 EF48 E743 F7D8


.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html

v2.23.0 | Report a Bug | By Email