[166590] in North American Network Operators' Group
Re: Reverse DNS RFCs and Recommendations
daemon@ATHENA.MIT.EDU (Masataka Ohta)
Fri Nov 1 03:01:24 2013
Date: Fri, 01 Nov 2013 16:03:56 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: nanog@nanog.org
In-Reply-To: <20131031235110.D505696611F@rock.dv.isc.org>
Mark Andrews wrote:
> That said it is possible to completely automate the secure assignment
> of PTR records. It is also possible to completely automate the
> secure delegation of the reverse name space. See
> http://tools.ietf.org/html/draft-andrews-dnsop-pd-reverse-00
It is a lot simpler and a lot more practical just to
use a shared secret between a CPE and an ISP's name server
for TSIG generation.
As the secret can be directly shared end to end, it is more
secure than DNSSEC involving untrustworthy third parties.
Masataka Ohta
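
An added example, not part of the original post: how a shared secret authenticates a dynamic PTR update with TSIG (RFC 8945), showing both the CPE-side signing and the name-server-side check. The choice of HMAC-SHA256, the key name, the secret and all zone and host names are assumptions made for illustration; the verifier assumes the TSIG record is the last one in the message and that the message ID was not rewritten in transit.

```python
import hashlib, hmac, struct

ALG, TSIG, ANY, FUDGE = "hmac-sha256.", 250, 255, 300   # RFC 8945 constants

def name_wire(name):
    """Uncompressed, lowercased DNS wire format of a domain name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"

def build_ptr_update(msg_id, zone, owner, target, ttl=3600):
    """DNS UPDATE (opcode 5) that adds one PTR record to the zone."""
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 1, 0)
    rdata = name_wire(target)
    return (header + name_wire(zone) + struct.pack("!2H", 6, 1)   # zone: SOA, IN
            + name_wire(owner) + struct.pack("!2HIH", 12, 1, ttl, len(rdata)) + rdata)

def tsig_mac(msg, key_name, secret, when):
    """HMAC-SHA256 over the request plus the TSIG variables; also returns time+fudge."""
    timers = struct.pack("!HIH", when >> 32, when & 0xFFFFFFFF, FUDGE)
    tsig_vars = (name_wire(key_name) + struct.pack("!HI", ANY, 0) + name_wire(ALG)
                 + timers + struct.pack("!2H", 0, 0))             # error, other-len
    return hmac.new(secret, msg + tsig_vars, hashlib.sha256).digest(), timers

def tsig_sign(msg, key_name, secret, when):
    """CPE side: append the TSIG RR and increment ARCOUNT."""
    mac, timers = tsig_mac(msg, key_name, secret, when)
    rdata = (name_wire(ALG) + timers + struct.pack("!H", len(mac)) + mac
             + msg[:2] + struct.pack("!2H", 0, 0))                # orig ID, error, other-len
    rr = name_wire(key_name) + struct.pack("!2HIH", TSIG, ANY, 0, len(rdata)) + rdata
    arcount = int.from_bytes(msg[10:12], "big") + 1
    return msg[:10] + arcount.to_bytes(2, "big") + msg[12:] + rr

def tsig_verify(signed, key_name, secret, now):
    """Name-server side: recompute the MAC with the shared secret, check the time window."""
    kname, alg = name_wire(key_name), name_wire(ALG)
    tail = len(kname) + 10 + len(alg) + 10 + 32 + 6               # fixed-size TSIG RR
    body, rr = signed[:-tail], signed[-tail:]
    if len(body) < 12 or body[10:12] == b"\0\0" or not rr.startswith(kname):
        return False
    off = len(kname) + 10 + len(alg)
    when = int.from_bytes(rr[off:off + 6], "big")
    arcount = int.from_bytes(body[10:12], "big") - 1              # undo the signer's bump
    original = body[:10] + arcount.to_bytes(2, "big") + body[12:]
    expected, _ = tsig_mac(original, key_name, secret, when)
    fresh = abs(now - when) <= FUDGE                              # replay window
    return fresh and hmac.compare_digest(expected, rr[off + 10:off + 42])
```

Only the CPE and the name server hold the secret, so a matching MAC authenticates the update without any third party; the fudge window limits replay of a captured message.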