[Hipsec-rg] reverse DNS lookups of HITs
oleg.ponomarev at hiit.fi (Oleg Ponomarev) Tue, 13 January 2009 10:21 UTC
From: "oleg.ponomarev at hiit.fi"
Date: Tue, 13 Jan 2009 12:21:06 +0200
Subject: [Hipsec-rg] reverse DNS lookups of HITs
In-Reply-To: <BC5BEFD4-1EFC-43DB-BD37-55E12F00408E@indranet.co.nz>
References: <E1LMUy5-00069S-00@alva.home> <alpine.LFD.2.00.0901130935560.17180@stargazer.pc.infrahip.net> <BC5BEFD4-1EFC-43DB-BD37-55E12F00408E@indranet.co.nz>
Message-ID: <alpine.LFD.2.00.0901131152290.17180@stargazer.pc.infrahip.net>
Hi! On Tue, 13 Jan 2009, Andrew McGregor wrote: >> I might have a mistaken view, but usually we only check the presence of the >> key in the list of authorized/known keys, so we do not need such a lookup. > > I think that was exactly the point... we don't need such lookups. ... for the SSH keys, when we have complete list of them in a file. This may be not the case for millions of host identities. > Personally, I think there is no need for reverse lookups. How many hosts use HIP in your network? I implemented this because I was irritated by [trimmed] hex sequences in the netstat output (for example). I prefer understandable names and also had reverse zones (locally) for RFC1918 addresses in another network with thousands of hosts which nobody could remember by heart. I would like to grant access to the clients from example-company.com regardless of their current locators. If there is no forward confirmed reverse DNS, what should I do now? One could use reverse DNS for the reputation purposes. -- Regards, Oleg.
- [Hipsec-rg] meeting minutes posted Henderson, Thomas R
- [Hipsec-rg] reverse DNS lookups of HITs Henderson, Thomas R
- [Hipsec-rg] reverse DNS lookups of HITs Oleg Ponomarev
- [Hipsec-rg] reverse DNS lookups of HITs Miika Komu
- [Hipsec-rg] reverse DNS lookups of HITs Oleg Ponomarev
- [Hipsec-rg] reverse DNS lookups of HITs Andrew McGregor
- [Hipsec-rg] reverse DNS lookups of HITs Oleg Ponomarev
- [Hipsec-rg] reverse DNS lookups of HITs Andrew McGregor
- [Hipsec-rg] reverse DNS lookups of HITs Oleg Ponomarev
- [Hipsec-rg] reverse DNS lookups of HITs Xu Xiaohu
- [Hipsec-rg] reverse DNS lookups of HITs Henderson, Thomas R
- [Hipsec-rg] reverse DNS lookups of HITs Tim Shepard
- [Hipsec-rg] reverse DNS lookups of HITs Oleg Ponomarev
- [Hipsec-rg] reverse DNS lookups of HITs Henderson, Thomas R
- [Hipsec-rg] reverse DNS lookups of HITs Oleg Ponomarev
- [Hipsec-rg] reverse DNS lookups of HITs (was RE: … Henderson, Thomas R
- [Hipsec-rg] meeting minutes posted Oleg Ponomarev
- [Hipsec-rg] meeting minutes posted Henderson, Thomas R
- [Hipsec-rg] meeting minutes posted Oleg Ponomarev
- [Hipsec-rg] meeting minutes posted Henderson, Thomas R
- [Hipsec-rg] reverse DNS lookups of HITs Miika Komu
- [Hipsec-rg] meeting minutes posted Oleg Ponomarev