comcast ipv6 PTR - DNSSEC
- Subject: comcast ipv6 PTR - DNSSEC
- From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com)
- Date: Tue, 15 Oct 2013 03:45:05 +0000
- In-reply-to: <CAAAwwbW5ZFTzEJskXcGmRpPZuT0y=jA02cwOX1wkUzJa2+mUoQ@mail.gmail.com>
- References: <[email protected]> <[email protected]> <[email protected]> <CAAAwwbW5ZFTzEJskXcGmRpPZuT0y=jA02cwOX1wkUzJa2+mUoQ@mail.gmail.com>
On Mon, Oct 14, 2013 at 10:18:15PM -0500, Jimmy Hess wrote:
> On Mon, Oct 14, 2013 at 10:01 PM, Barry Shein <bzs at world.std.com> wrote:
>
>
> > >This would be a lot of work, so nobody does it.
> > >If someone asks for the rdns for:
> > > 2001:0db8:85a3:0042:1000:8a2e:0370:7334
> > >it's a lot of work for example.com to return something like:
> > > 2001-0db8-85a3-0042-1000-8a2e-0370-7334.example.com
> > >?
> >
> >
> No... it's not a lot of work; the problem is, it's maybe worth even
> less than the amount of work involved though.
>
> What piece of information is being expressed there that would not be
> expressed by an NXDOMAIN response?
>
> Assuming the user is residential, ".example.com" pertains to the ISP,
> not the hostname at that IP address. The ISP's info is accessible via
> services such as WHOIS-RWS.
>
>
> How about some wildcard PTR record ?
>
> *.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa PTR unnamedhost.example.com.
>
> It's equally useless; and conveys equally limited information about the
> host.
>
> However, at least it doesn't generate spurious records that are just (IP
> repeated).(domain)
>
> --
> -JH
Forward domains and Reverse domains are often managed by different
organizations - so if you were a paranoid validator, wanting to check
that the name was from the correct place, you'd want to do DNSSEC
validation on both the name and the address.
Not going to weigh in on the value proposition.
/bill
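
The two reverse-DNS schemes discussed in this thread, side by side, as an added example that is not part of the original messages: it builds the ip6.arpa owner name for the thread's address, the "(IP repeated).(domain)" target, and checks which queries the quoted wildcard would answer. The function names are hypothetical, and the wildcard check assumes no other names exist beneath the wildcard's parent.

```python
import ipaddress

ZONE = "example.com."  # ISP forward zone used in the thread's example

def reverse_name(addr):
    """Owner name of the PTR record for an IPv6 address (nibble format)."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def synthesized_target(addr, zone=ZONE):
    """PTR target of the form (IP repeated).(domain)."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "-") + "." + zone

def address_from_target(name, zone=ZONE):
    """Recover the address a synthesized target encodes, or None."""
    name = name.lower()
    if not name.endswith("." + zone):
        return None
    label = name[: -len(zone) - 1]
    if "." in label:
        return None
    try:
        return ipaddress.IPv6Address(label.replace("-", ":"))
    except ValueError:
        return None

def wildcard_covers(wildcard_owner, addr):
    """True if a PTR query for addr would be answered from the wildcard.
    Assumption: no other names exist beneath the wildcard's parent."""
    if not wildcard_owner.startswith("*."):
        raise ValueError("not a wildcard owner name")
    parent = wildcard_owner[2:].rstrip(".").lower() + "."
    return reverse_name(addr).endswith("." + parent)

def target_matches_address(addr, ptr_target, zone=ZONE):
    """Does the PTR target itself encode the queried address?"""
    return address_from_target(ptr_target, zone) == ipaddress.IPv6Address(addr)

if __name__ == "__main__":
    addr = "2001:0db8:85a3:0042:1000:8a2e:0370:7334"  # address from the thread
    wildcard = "*.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa"    # wildcard from the thread
    print("query name:      ", reverse_name(addr))
    print("synthesized PTR: ", synthesized_target(addr))
    print("wildcard answers:", wildcard_covers(wildcard, addr))
    for target in (synthesized_target(addr), "unnamedhost.example.com."):
        print(target, "encodes address:", target_matches_address(addr, target))
```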