> John Levine <mailto:jo...@taugh.com>
> Saturday, November 01, 2014 1:51 PM
>> I entirely agree ... the fact that reverse DNS works as a heuristic (and
>> not an especially key heuristic) for IPv4 is not a reason for the
>> considerable effort required to try and make it work as an equally
>> flawed heuristic on IPv6.
>
> ... So let's not bother. Yes, we have ways for hosts to install
> DNS entries for the addresses they're using, but they're not widely
> adopted, and I have bad feelings about their security characteristics.
> (Hostile or buggy botware does an address hopping DDoS on your DNS
> infrastructure, for example.)

john, richard, (others,)

i've now heard from our friends in the last mile industry that the new york times web site won't serve web content to client IP's that lack PTR's. i haven't tested this, but hear me out.

there is no RFC saying when PTR's are recommended and when not. john's formulation, <<There is a heuristic that says any host which is intended to act as a server visible to hosts on the public Internet should have matching forward and reverse DNS. (It does not say the converse; the presence of DNS doesn't mean a host is good, the absence means it's bad.) This seems to me to be perfectly relevant in IPv6>>, suits me just fine.

if there were an RFC (let's be charitable and assume it would have to be an FYI due to lack of consensus) that gave reasons why PTR's would be needed and reasons why the absence might be better (so, internet access vs. internet service), then that RFC might give our last-mile industry buddies the air cover they need to be first movers in dropping PTR's for both V6 and V4 "internet access" addresses. it'll mean visiting the NYT tech team in person, no doubt, and then similar outreach to other smaller players.

hard as it will be, dropping PTR for "internet access" addresses is at least "thinkable", unlike, say, universal Source Address Validation.

john, you're fast-good-and-cheap when it comes to whipping up sole-purpose RFC's. let us know which 25 of us you would like to list as co-authors, and we'll get you our "authors addresses" text blobs.

--
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop