[159382] in North American Network Operators' Group
Re: [SHAME] Spam Rats
daemon@ATHENA.MIT.EDU (Mark Andrews)
Thu Jan 10 00:49:31 2013
To: "John Levine" <johnl@iecc.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "10 Jan 2013 05:34:29 -0000."
<20130110053429.55493.qmail@joyce.lan>
Date: Thu, 10 Jan 2013 16:49:10 +1100
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In message <20130110053429.55493.qmail@joyce.lan>, "John Levine" writes:
> >No point. address -> name -> address doesn't work with wildcards.
> >
> >> (Still an IPv6 implementation virgin, just curious :) )
>
> If you want to do generic IPv6 rDNS for all your hosts, you're
> stuck with a variety of less than great possibilities.
>
> One is a stunt rDNS server that synthesizes the records on demand.
> (Bonus points for doing DNSSEC, too. Double bonus points for doing
> NSEC3.)
NSEC3 is a waste of time in ip6.arpa or any similarly structured
zone so -1000000 for doing NSEC3 and effectively doing a DoS attack
against yourself and the client resolvers.
> Another is instrumenting the routers so that when they notice
> a new host on their network, they somehow send an update to the DNS
> servers to install rDNS for that host.
>
> If I had to guess, I would say that we'll eventually agree that on
> IPv6 networks, mail servers and other hosts who have reputations that
> matter will have fixed addresses assigned statically or via DHCP and
> rDNS, random client hosts won't. Teeth will gnash at how this makes
> some hosts second class and it violates the end to end principle, but
> tough noogies.
>
> R's,
> John
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
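
Added example, not part of the original message or of any ISC code: a sketch of the on-demand synthesis the thread mentions, showing why address -> name -> address only holds when each address gets its own name, which a single wildcard PTR cannot provide. The prefix, the zone name `dyn.example.net.` and the `ip6-<hex>` label scheme are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for this sketch: documentation prefix and a hypothetical forward zone.
PREFIX = ipaddress.ip_network("2001:db8:1234::/48")
FORWARD_ZONE = "dyn.example.net."
HEX = set("0123456789abcdef")


def ptr_owner(addr):
    """Return the ip6.arpa owner name a resolver queries for addr."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def synth_ptr(qname):
    """Synthesize the PTR target for qname; None means the name is not served."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    addr = ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    if addr not in PREFIX:
        return None
    # Encode the whole address in the host label so the forward lookup can invert it.
    return f"ip6-{int(addr):032x}.{FORWARD_ZONE}"


def synth_aaaa(qname):
    """Synthesize the AAAA answer by decoding a label produced by synth_ptr."""
    name = qname.lower()
    if not name.endswith("." + FORWARD_ZONE):
        return None
    label = name[: -len(FORWARD_ZONE) - 1]
    if len(label) != 36 or not label.startswith("ip6-") or set(label[4:]) - HEX:
        return None
    addr = ipaddress.IPv6Address(int(label[4:], 16))
    return str(addr) if addr in PREFIX else None


def forward_confirmed(addr, ptr_name):
    """The address -> name -> address check, given the PTR answer received for addr."""
    if ptr_name is None:
        return False
    return synth_aaaa(ptr_name) == str(ipaddress.ip_address(addr))
```

Handing every address the same PTR target, as a wildcard would, makes `forward_confirmed` fail for all but the one address that name resolves to.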