[166653] in North American Network Operators' Group


Re: Reverse DNS RFCs and Recommendations

daemon@ATHENA.MIT.EDU (Masataka Ohta)
Sat Nov 2 08:37:15 2013

Date: Sat, 02 Nov 2013 21:39:41 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: Sander Steffann <sander@steffann.nl>
In-Reply-To: <AAC2BED5-AE55-4AAB-9212-B14CC8CF1FD5@steffann.nl>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Sander Steffann wrote:

> Hi,

Hi,

>> Even if the CPE does so, which means there is no NAT, the key to
>> update rDNS must, naturally, be contained only in DHCP reply to the
>> CPE.
> 
> You are misunderstanding the technology. Many cable operators offer a
> cable modem in bridged mode so that the customer can attach his own
> home-router behind it.

The situation is no different from:

>> If you mind wire tapping, you have other things to worry
>> about, which needs your access line encrypted (by a manually
>> configured password), which makes DHCP packets invisible.

Though some ISPs do not operate their network very securely,
you can't have better security than that offered by your local
ISP.

Also remember that this thread is on secure rDNS by the ISP,
which means you can't expect the ISP to operate rDNS very securely
even though the ISP operates the rest of networking not very securely.

					Masataka Ohta

