
RE: (ngtrans) Re: The reverse lookup issue



[ post by non-subscriber.  with the massive amount of spam, it is easy to
  miss and therefore delete mis-posts.  so fix subscription addresses! ]

Robert Elz wrote:

> There's actually an intermediate position.   That is, we keep the
> reverse lookup tree, but we just make it clear that we no longer
> expect people to populate it fully.   Or if they like, not to
> populate it at all.
<SNIP>

There are currently a few 'applications' for PTRs/reverse lookups:
* traceroute reverse
But not everyone fills in 'useful' data anymore, and with v6 that will
probably end too. Especially as you probably won't be letting a router do
a dynamic DNS update(1) or something :)

* IRC
Which really is the *only* reason most people want a PTR. "Look mummy, I
look cool on IRC." Especially with the dnsspamming, and yes, I know the
people who sell domain names or provide DNS services like that a lot, it's
their wallet getting filled, but unfortunately in the v4 world every
irc-vhost takes one IP of the stack that could have been used for another
user's end2end connection. But maybe that's a better question for e2e and
not for people providing DNS services...

* Logging purposes
If one logs into a box with SSH, the server will reverse+forward check the
hostname and use that in the logs and 'who', which is much clearer than
3FFE:8114:2000:240:290:27FF:FE24:C19F for instance. This logging is also
done for other protocols like FTP and SMTP. Some SMTP servers refuse
service if the reverse+forward doesn't match, though that doesn't happen a
lot.

Summing up, the reverses are just cosmetic and usually bogus unless you
check reverse&forward to be the same, and even then: what's the use of
4.3.2.1 PTR 1-2-3-4.example.net or in v6 space:
4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.ip6.arpa
/int PTR 1234.1234.1234.1234.... :)

Requiring them to be there is 'insane', as we'll probably end up with the
above, though some ISPs are known to use a big dictionary to fill them out,
which is nice but still isn't useful ;)
Having the possibility to resolve them can be 'cosmetically nice', though
there isn't any other advantage.
If one needs to know where an IP is at, use the whois, but then there are
always people saying that it wasn't 'designed' for that purpose. But it is
still the single most 'secure' place for finding out the owner and the
abuse/contact addresses of an IP, which is probably what IP lookups are
mostly used for: reporting problems.

There are currently (afaik) two ways of handling 'reverse' lookups:
- PTR record in DNS
- icmp6 message to the host.

The first one (PTR) can be 'protected' from evil doing; the second one can
be easily spoofed and doesn't really prove a thing, as it can be invented
by the admin of the box.
But it's more usual for the host to know its own/real/in-use hostname than
for DNS to know it.

(1) = Dynamic updates: will you really be going to let every user of your
ISP update the reverses? In a company that's probably very different, if
you've got a nice, tightly controlled environment. But then again, of
course we've got http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html ;)

Greets,
 Jeroen
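[Editor's note: the following is an added example, not part of Jeroen's
message or of any IETF text. It shows the two mechanics the message leans
on: building the in-addr.arpa / ip6.arpa (or ip6.int) owner name for an
address, and the "reverse+forward" check an SSH or SMTP daemon does before
it trusts a PTR for its logs. The resolver is injected and the zone data
below is constructed for the example (192.0.2.0/24 and example.net are
documentation ranges/names; the 3FFE address is the one quoted above), so
the code runs offline; the Resolver signature, the zone table, the
hostnames and the looks_generic heuristic are all assumptions of this
example.]

```python
"""Forward-confirmed reverse DNS (FCrDNS) for IPv4 and IPv6.

Added example; not code from the original message.  The resolver is
injected so the logic runs offline against a constructed zone table and
can later be pointed at a real stub resolver (e.g. a dnspython wrapper).
"""
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# Assumed resolver shape: (owner name, RR type) -> list of rdata strings,
# empty list on NXDOMAIN/NODATA.
Resolver = Callable[[str, str], List[str]]


def reverse_name(addr: str, v6_suffix: str = "ip6.arpa") -> str:
    """PTR owner name for an address.

    IPv4: octets reversed under in-addr.arpa.
    IPv6: all 32 zero-padded nibbles reversed, one label each, under
    ip6.arpa (pass "ip6.int" for the older tree the message mentions).
    Python's ipaddress.ip_address(x).reverse_pointer does the same for
    ip6.arpa; this spells it out so the nibble format is visible.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    nibbles = ip.exploded.replace(":", "")          # 32 hex digits
    return ".".join(reversed(nibbles)) + "." + v6_suffix


def forward_confirmed(addr: str, resolve: Resolver) -> Tuple[Optional[str], str]:
    """Return (hostname, status).

    "confirmed": some PTR target has an A/AAAA back to the same address.
    "no-ptr":    nothing in the reverse tree (the unpopulated case).
    "mismatch":  a PTR exists but the forward side disagrees; this is what
                 a spoofed or stale reverse looks like, so don't log it.
    """
    ip = ipaddress.ip_address(addr)
    ptrs = resolve(reverse_name(addr), "PTR")
    if not ptrs:
        return None, "no-ptr"
    fwd_type = "A" if ip.version == 4 else "AAAA"
    for host in ptrs:
        host = host.rstrip(".").lower()
        forward = {ipaddress.ip_address(a) for a in resolve(host, fwd_type)}
        if ip in forward:
            return host, "confirmed"
    return None, "mismatch"


def looks_generic(addr: str, host: str) -> bool:
    """Heuristic (assumption): the first label just re-encodes the address
    (1-2-3-4.example.net style), so even a confirmed PTR names nobody."""
    ip = ipaddress.ip_address(addr)
    label = host.split(".")[0].lower()
    if ip.version == 4:
        digits = "".join(ch for ch in label if ch.isdigit())
        return digits == str(ip).replace(".", "")
    hexchars = "".join(ch for ch in label if ch in "0123456789abcdef")
    return hexchars in (ip.exploded.replace(":", ""), str(ip).replace(":", ""))


def log_label(addr: str, resolve: Resolver) -> str:
    """What to put in the log / 'who': the confirmed, non-generic hostname,
    otherwise the bare address tagged with why the PTR was not used."""
    host, status = forward_confirmed(addr, resolve)
    if status != "confirmed":
        return f"{addr} ({status})"
    if looks_generic(addr, host):
        return f"{addr} (generic)"
    return host


# Constructed zone data for the example (not real DNS).
_ZONE: Dict[Tuple[str, str], List[str]] = {
    # honest IPv4 reverse with a matching A record
    ("10.2.0.192.in-addr.arpa", "PTR"): ["shell.example.net."],
    ("shell.example.net", "A"): ["192.0.2.10"],
    # spoofed: .11 claims shell.example.net, whose A record says .10
    ("11.2.0.192.in-addr.arpa", "PTR"): ["shell.example.net."],
    # ISP-style generic PTR that only re-encodes the address
    ("12.2.0.192.in-addr.arpa", "PTR"): ["192-0-2-12.example.net."],
    ("192-0-2-12.example.net", "A"): ["192.0.2.12"],
    # IPv6 host (the address quoted in the message) with a matching AAAA
    ("f.9.1.c.4.2.e.f.f.f.7.2.0.9.2.0.0.4.2.0.0.0.0.2.4.1.1.8.e.f.f.3.ip6.arpa",
     "PTR"): ["host6.example.net."],
    ("host6.example.net", "AAAA"): ["3ffe:8114:2000:240:290:27ff:fe24:c19f"],
}


def zone_resolver(name: str, rrtype: str) -> List[str]:
    """Offline stand-in for a real resolver, backed by _ZONE."""
    return list(_ZONE.get((name.rstrip(".").lower(), rrtype), []))


if __name__ == "__main__":
    for a in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13",
              "3ffe:8114:2000:240:290:27ff:fe24:c19f"):
        print(f"{reverse_name(a):70s} -> {log_label(a, zone_resolver)}")
```

The point of the split into forward_confirmed and looks_generic is the
one the message makes: a PTR that fails the forward check is worthless
for logging, and one that passes but merely spells the address out again
is cosmetic, so the log line falls back to the literal address in both
cases rather than printing whatever the reverse zone's admin typed in.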




--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>