Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping"

[JINMEI Tatuya / 神明達哉 <jinmei@wide.ad.jp>]

(My first attempt was moderated due to from address mismatch, so I'm
resending it fixing the address.  Sorry for the duplicate)

Hello,

Sorry for the long delay.  I've been overwhelmed by some other things...

At Sat, 29 Mar 2008 00:46:57 -0400,
Brian Dickson <briand@ca.afilias.info> wrote:

> > As a meta (and most substantial) level, this version still doesn't
> > answer the fundamental question I asked a year ago: "why *should* one
> > provide reverse mappings for all IP addresses they manage? (despite
> > the cost of the provision)?".
> 
> I'd like to get a better understanding of your concern.
> Is it that you don't understand why one should, or that the document 
> doesn't include the answer itself?

I guess it's both, but the more important point in this context for me
is the latter.

> In other words, if someone on the list answers the question, without 
> that changing the document,
> would you then support it based on your new-found understanding?

You probably mean whether the main point is the former, and if so, I'm
afraid I wouldn't.  I'd first like to be convinced about why one
should, and (since I don't think it's well described in the current
document) I'd then like the draft to reflect it.

I'm now planning to respond to your other points, but before doing so
please let me jump to one specific point.  That might make the other
things marginal.

>From dnsop-bounces@ietf.org  Thu Apr  3 19:25:52 2008
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@optimus.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id F12463A6CA1;
	Thu,  3 Apr 2008 19:25:51 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 93B9B28C17F
	for <dnsop@core3.amsl.com>; Thu,  3 Apr 2008 19:25:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.6
X-Spam-Level: 
X-Spam-Status: No, score=0.6 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id VrC7Uob137pr for <dnsop@core3.amsl.com>;
	Thu,  3 Apr 2008 19:25:49 -0700 (PDT)
Received: from mon.jinmei.org (mon.jinmei.org [IPv6:2001:4f8:3:36::162])
	by core3.amsl.com (Postfix) with ESMTP id 4508F3A6BD4
	for <dnsop@ietf.org>; Thu,  3 Apr 2008 19:25:49 -0700 (PDT)
Received: from dhcp-191.sql1.isc.org (unknown
	[IPv6:2001:4f8:3:bb:58ec:1cae:5433:2ee3])
	by mon.jinmei.org (Postfix) with ESMTP id 7D44A33C2E;
	Thu,  3 Apr 2008 19:25:53 -0700 (PDT)
Date: Thu, 03 Apr 2008 19:25:53 -0700
Message-ID: <m2lk3ujqz2.wl%Jinmei_Tatuya@isc.org>
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?=
	<jinmei@wide.ad.jp>
To: Brian Dickson <briand@ca.afilias.info>
In-Reply-To: <47EEA725.2060807@ca.afilias.info>
References: <20080314034500.GE7553@x27.adm.denic.de>
	<20080326142252.GA11184@nic.fr>
	<20080329191803.GA362@commandprompt.com>
	<47EEA725.2060807@ca.afilias.info>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.1 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Cc: dnsop@ietf.org, Andrew Sullivan <ajs@commandprompt.com>
Subject: Re: [DNSOP] WGLC: "Considerations for the use
	of	DNS	Reverse	Mapping"
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
	<mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
	<mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org

(My first attempt was moderated due to from address mismatch, so I'm
resending it fixing the address.  Sorry for the duplicate)

Hello,

Sorry for the long delay.  I've been overwhelmed by some other things...

At Sat, 29 Mar 2008 00:46:57 -0400,
Brian Dickson <briand@ca.afilias.info> wrote:

> > As a meta (and most substantial) level, this version still doesn't
> > answer the fundamental question I asked a year ago: "why *should* one
> > provide reverse mappings for all IP addresses they manage? (despite
> > the cost of the provision)?".
> 
> I'd like to get a better understanding of your concern.
> Is it that you don't understand why one should, or that the document 
> doesn't include the answer itself?

I guess it's both, but the more important point in this context for me
is the latter.

> In other words, if someone on the list answers the question, without 
> that changing the document,
> would you then support it based on your new-found understanding?

You probably mean whether the main point is the former, and if so, I'm
afraid I wouldn't.  I'd first like to be convinced about why one
should, and (since I don't think it's well described in the current
document) I'd then like the draft to reflect it.

I'm now planning to respond to your other points, but before doing so
please let me jump to one specific point.  That might make the other
things marginal.
 > Also Section 4.2
> >
> >    Unless there are strong counter-considerations, such as a high
> >    probability of forcing large numbers of queries to use TCP, IP
> >    addresses in use within a range and referenced in a forward mapping
> >    should have a reverse mapping.
> >
> > I failed to understand this sentence.  Does this mean
> >
> >    IP addresses that are
> >       - in use within a range, and
> >       - referenced in a forward mapping
> >    should have a reverse mapping.
> >
> >   
> This one - if *both* conditions are met.

Okay.  Then let me discuss one specific address:
"2001:4f8:3:bb:58ec:1cae:5433:2ee3".  It's a temporary (in terms of
RFC4941) address of my laptop created from another IPv6 address that
is configured via stateless address autoconfiguration.  As far as I
know, there is no forward mapping (i.e., AAAA RR) whose rdata is this
address.  So, it's not "in use within a range, and referenced in a
forward mapping".  Does this mean this address is not covered by the
above sentence of Section 4.2?

Referring to the Andrew's response:

At Sun, 30 Mar 2008 11:42:34 -0400,
Andrew Sullivan <ajs@commandprompt.com> wrote:

> > or something else?  In either case, does this mean we don't have to
> > provide reverse mappings for addresses that are NOT referenced in a
> > forward mapping?
> 
> No.  We added this text exactly to address your previous objection
> that the text appeared to be requiring that every IP address anybody
> uses has to have a reverse map, which is absurd since every IP address
> in use doesn't need to have a forward map.

I'm still not sure...The "No" seems to say this temporary address is
still covered by this sentence, but the following sentence seems to
indicate the opposite.

Could either of you clarify this point?

Thanks,

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop



> > Also Section 4.2
> >
> >    Unless there are strong counter-considerations, such as a high
> >    probability of forcing large numbers of queries to use TCP, IP
> >    addresses in use within a range and referenced in a forward mapping
> >    should have a reverse mapping.
> >
> > I failed to understand this sentence.  Does this mean
> >
> >    IP addresses that are
> >       - in use within a range, and
> >       - referenced in a forward mapping
> >    should have a reverse mapping.
> >
> >   
> This one - if *both* conditions are met.

Okay.  Then let me discuss one specific address:
"2001:4f8:3:bb:58ec:1cae:5433:2ee3".  It's a temporary (in terms of
RFC4941) address of my laptop created from another IPv6 address that
is configured via stateless address autoconfiguration.  As far as I
know, there is no forward mapping (i.e., AAAA RR) whose rdata is this
address.  So, it's not "in use within a range, and referenced in a
forward mapping".  Does this mean this address is not covered by the
above sentence of Section 4.2?

Referring to the Andrew's response:

At Sun, 30 Mar 2008 11:42:34 -0400,
Andrew Sullivan <ajs@commandprompt.com> wrote:

> > or something else?  In either case, does this mean we don't have to
> > provide reverse mappings for addresses that are NOT referenced in a
> > forward mapping?
> 
> No.  We added this text exactly to address your previous objection
> that the text appeared to be requiring that every IP address anybody
> uses has to have a reverse map, which is absurd since every IP address
> in use doesn't need to have a forward map.

I'm still not sure...The "No" seems to say this temporary address is
still covered by this sentence, but the following sentence seems to
indicate the opposite.

Could either of you clarify this point?

Thanks,

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop