[48892] in North American Network Operators' Group
Re: ATTBI refuses to do reverse DNS?
daemon@ATHENA.MIT.EDU (Chris Woodfield)
Wed Jun 19 10:42:16 2002
Date: Wed, 19 Jun 2002 10:38:13 -0400
From: Chris Woodfield <rekoil@semihuman.com>
To: North America Network Operators Group Mailing List <nanog@merit.edu>
In-Reply-To: <20020619032338.2D1F0AC@proven.weird.com>
Errors-To: owner-nanog-outgoing@merit.edu
--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
If the people who "vote with their wallets" here are the ATTBI customers, d=
on't=20
forget that if you're not served by DSL, cable broadband is really the only=
=20
good option for broadband access (I'm not counting satellite, with >1s ping=
=20
times, or wireless, which is still in its infancy as a residential solution=
).=20
And rarely will you find a home anywhere in the US served by more than one=
=20
cable company.
Makes it kinda kard to vote with your wallet when the vendor has de facto=
=20
monopoly power.
-C
> The people who are supposedly hurt here are those who ultimately have
> the most influence. In the end they can vote with their wallets even if
> they can't edit the appropriate zone files directly. (And the whole
> idea behind DNS trust really revolves around having two different
> parties agree on the mapping, not in simply allowing the user to edit
> their own reverse DNS!)=20
>=20
> > Just as=20
> > Network Address Translation is not a security solution, neither is chec=
king=20
> > INADDR.
>=20
> I don't think anyone has said that DNS consistency is a security
> solution. You keep confusing these concepts I think. It's only one
> tiny part of the picture. Fully consistent DNS only increases the level
> of trust you can have in the hostnames used. Since hostnames are
> supposed to be more stable than IP addresses, you _want_ to have more
> trust in the hostnames, but with current protocols you cannot unless
> there is full consistency between forward and reverse lookups.
>=20
> > Now if you check INADDR over Secure DNS, you might start having=20
> > some level of information to trust.
>=20
> We can only hope, but I'll believe it when I see it.
>=20
> --=20
> Greg A. Woods
>=20
> +1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@roboha=
ck.ca>
> Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weir=
d.com>
--zhXaljGHf11kAtnf
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9EJdVqP/YiunDNcERAmN1AJ9bTKG5zYIRZP4/KvAKvayDZUa81QCbBTG8
xZ02yGGUFuJWXXOQNkT+cpc=
=AtQW
-----END PGP SIGNATURE-----
--zhXaljGHf11kAtnf--
