[166264] in North American Network Operators' Group
Re: comcast ipv6 PTR - DNSSEC
daemon@ATHENA.MIT.EDU (Barry Shein)
Tue Oct 15 14:34:00 2013
From: Barry Shein <bzs@world.std.com>
Date: Tue, 15 Oct 2013 14:32:48 -0400
To: bmanning@vacation.karoshi.com
In-Reply-To: <20131015034505.GB26360@vacation.karoshi.com.>
Cc: John Levine <johnl@iecc.com>, NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On October 15, 2013 at 03:45 bmanning@vacation.karoshi.com (bmanning@vacation.karoshi.com) wrote:
>
> Forward domains and Reverse domains are often managed by different
> organizations - so if you were a paranoid validator, wanting to check
> that the name was from the correct place, you'd want to do DNSSEC
> validation on both the name and the address.
>
> Not going to weigh in on the value proposition.
Unless, as is frequently the case, the only test is: NXDOMAIN? Reject.
Anything but NXDOMAIN? Accept.
--
-Barry Shein
The World | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
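
Added example, not part of the original message: a Python sketch contrasting the NXDOMAIN-only test from the reply with the two-sided DNSSEC check from the quoted text. The `Answer` class, the function names, and all addresses, names and resolver answers are constructed for illustration; no network lookups are made.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Answer:
    """Constructed stand-in for a reply from a validating resolver."""
    rcode: str                                 # "NOERROR", "NXDOMAIN", "SERVFAIL"
    data: list = field(default_factory=list)   # PTR targets or AAAA addresses
    ad: bool = False                           # AD bit: answer passed DNSSEC validation

def lax_check(ptr):
    """The test from the reply: only NXDOMAIN rejects."""
    return ptr.rcode != "NXDOMAIN"

def strict_check(addr, ptr, forward):
    """Validate both directions: signed PTR, and a signed AAAA that maps back to addr."""
    if ptr.rcode != "NOERROR" or not ptr.ad:
        return False
    want = ipaddress.ip_address(addr)
    for name in ptr.data:
        fwd = forward.get(name.rstrip(".").lower())
        if fwd and fwd.rcode == "NOERROR" and fwd.ad:
            if any(ipaddress.ip_address(a) == want for a in fwd.data):
                return True
    return False

ADDR = "2001:db8::25"   # documentation prefix, constructed
FORWARD = {             # constructed forward zone contents
    "mail.example.net": Answer("NOERROR", ["2001:db8:0:0::25"], ad=True),
    "bank.example.org": Answer("NOERROR", ["2001:db8:ffff::1"], ad=True),
}
CASES = {               # constructed PTR answers for ADDR
    "signed, matching": Answer("NOERROR", ["mail.example.net."], ad=True),
    "unsigned PTR": Answer("NOERROR", ["mail.example.net."], ad=False),
    "PTR claims another zone's name": Answer("NOERROR", ["bank.example.org."], ad=True),
    "bogus signature (SERVFAIL)": Answer("SERVFAIL"),
    "empty answer (NODATA)": Answer("NOERROR", [], ad=True),
    "no PTR at all": Answer("NXDOMAIN"),
}

def evaluate():
    """Return {case: (lax_result, strict_result)} for every constructed case."""
    return {k: (lax_check(p), strict_check(ADDR, p, FORWARD)) for k, p in CASES.items()}

if __name__ == "__main__":
    for case, (lax, strict) in evaluate().items():
        print(f"{case:32} lax={lax!s:5} strict={strict}")
```

The SERVFAIL case is the one to watch: a validating resolver reports a failed DNSSEC validation as SERVFAIL, which the NXDOMAIN-only test accepts.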