On Nov 11, 2014, at 5:48 PM, Lee Howard <l...@asgard.org> wrote:

> Many SSH servers (by default) reject connections from IP addresses without
> PTRs.
> This is stupid.
>
> I heard applause during the WG meeting in response to these statements;
> sounded like consensus to me. I said I would check that consensus on list.
>
> Thanks,
> Lee
Lee,

The usage case that got brought up at the mike, "PTR records are used by logging systems", got me thinking "when does a logging system need this information?", and the answer is, I think, "when a human is looking at the log". In all other cases, if the system is running at high speed, the delay in looking up addresses is just too long. Thus I would say the usage case is "a log processing tool MAY do PTR lookups"; the real information about addresses can be extracted from other sources as well, like whois and geo-location databases etc.

The other usage case that I can think of is network debugging.

Thus the real question in this case is "what granularity in name is needed, and when?"

Below is a short list of possible requirements based on the needs of these two "usage cases":

We all love having the names displayed by traceroute for each hop ==> names of router interfaces are a SHOULD in my mind.

We all want big services to have PTR records: web servers, mail servers, etc.
Addresses that provide services SHOULD have a PTR record.

"End-user" addresses do not need a PTR record but could be simple wildcard responses like "Customer.HNL.biz-ISP.net", as no one is complaining about

    123.136.133.31.in-addr.arpa. 3600 IN PTR dhcp-887b.meeting.ietf.org.

or

    9.5.9.d.7.4.e.f.f.f.9.e.f.c.a.2.6.3.1.0.0.7.3.0.c.7.6.0.1.0.0.2.ip6.arpa. 15 IN PTR s2001067c037001362acfe9fffe47d959.hotel-wireless.v6.meeting.ietf.org.

This message raised some questions:

On Nov 11, 2014, at 5:29 PM, George Michaelson <g...@algebras.org> wrote:

> I'll take a dollar for every query in PTR we take at the ipv4 /8 and Ipv6
> /12 level. That's somewhere around 170,000/sec.
>
> Luckily, you'll all stop before I have the entire western economy in my
> pocket, but that's ok. I'll take the cents.. I'll take the millicents...
>
> Seriously: the volume of query is not small. It may be pointless but by golly
> it's popular.
>
> What do people do with it? I have no idea. But as long as people want to
> query, the RIR are happy to anchor the domains.

That to me indicates that people use log post-processing all the time and Intrusion Detection Systems are doing PTR lookups by policy.

For IDS, are their expectations any different than log processors? And if IDSs are taking decisions based on the content of PTR records, what granularity do they need?

Olafur
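As an added example (not part of Olafur's message or anything the DNSOP thread proposed), the following Python log post-processor works in the spirit of "a log processing tool MAY do PTR lookups" rather than an inline lookup on the hot path: it builds and parses the in-addr.arpa/ip6.arpa owner names quoted above, looks each address up at most once, bounds every lookup with a time budget so a slow resolver cannot stall the whole run, and treats the returned PTR data as untrusted text before writing it back into a log line. The sshd-style log lines, the PTR table standing in for the DNS, and the hostile 192.0.2.7 entry are all constructed for this example; the real-resolver path uses `socket.gethostbyaddr`.

```python
import ipaddress
import re
import socket
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as LookupTimeout
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample sshd log lines (not from the thread). The two addresses are
# the ones behind the PTR records quoted in the message above.
SAMPLE_LOG = """\
Nov 11 17:29:01 host sshd[4242]: Accepted publickey for alice from 31.133.136.123 port 51234 ssh2
Nov 11 17:29:07 host sshd[4243]: Failed password for invalid user admin from 2001:67c:370:136:2acf:e9ff:fe47:d959 port 40021 ssh2
Nov 11 17:29:09 host sshd[4244]: Accepted publickey for bob from 31.133.136.123 port 51240 ssh2
"""

# Constructed stand-in for the DNS: the PTR targets quoted in the message, plus
# one hostile answer showing why PTR data must be sanitised before it is logged.
CONSTRUCTED_PTRS: Dict[str, str] = {
    "31.133.136.123": "dhcp-887b.meeting.ietf.org",
    "2001:67c:370:136:2acf:e9ff:fe47:d959":
        "s2001067c037001362acfe9fffe47d959.hotel-wireless.v6.meeting.ietf.org",
    "192.0.2.7": "ok.example\nNov 11 17:29:10 host sshd[1]: Accepted publickey for root",
}


def reverse_name(addr: str) -> str:
    """PTR owner name (with trailing dot) for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def address_from_reverse_name(name: str) -> str:
    """Inverse of reverse_name(): recover the address from a full in-addr.arpa / ip6.arpa name."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34 and all(len(x) == 1 for x in labels[:32]):
        return str(ipaddress.IPv6Address(int("".join(reversed(labels[:32])), 16)))
    raise ValueError(f"not a full reverse name: {name}")


def sanitize_ptr(name: str) -> str:
    """PTR data is chosen by whoever controls the reverse zone: neutralise anything
    that could forge a new log line or hide inside a terminal."""
    return "".join(c if c.isprintable() and not c.isspace() else "?" for c in name)


def system_lookup(addr: str) -> Optional[str]:
    """Real resolver path: blocking gethostbyaddr, None when there is no PTR."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return None


class PtrEnricher:
    """Post-processing enrichment: each address is looked up at most once, and a
    lookup is abandoned after `budget` seconds instead of stalling the log run."""

    ADDR_RE = re.compile(r" from (\S+) port ")

    def __init__(self, lookup: Callable[[str], Optional[str]] = system_lookup,
                 budget: float = 0.5) -> None:
        self._lookup = lookup
        self._budget = budget
        self._cache: Dict[str, Optional[str]] = {}
        self._pool = ThreadPoolExecutor(max_workers=4)
        self.lookups = 0  # number of resolver calls actually made

    def ptr(self, addr: str) -> Optional[str]:
        if addr not in self._cache:
            self.lookups += 1
            fut = self._pool.submit(self._lookup, addr)
            try:
                raw = fut.result(timeout=self._budget)
            except (LookupTimeout, OSError):
                # A timed-out worker keeps blocking in the pool until the
                # resolver itself gives up; the caller moves on regardless.
                raw = None
            self._cache[addr] = sanitize_ptr(raw) if raw else None
        return self._cache[addr]

    def enrich(self, line: str) -> str:
        m = self.ADDR_RE.search(line)
        if not m:
            return line
        addr = m.group(1)
        name = self.ptr(addr)
        return line if name is None else line.replace(addr, f"{addr} ({name})", 1)


def demo() -> Tuple[List[str], int]:
    """Enrich the constructed log with the constructed PTR table; return lines and lookup count."""
    enricher = PtrEnricher(lookup=CONSTRUCTED_PTRS.get, budget=0.5)
    lines = [enricher.enrich(line) for line in SAMPLE_LOG.splitlines()]
    return lines, enricher.lookups


if __name__ == "__main__":
    enriched, count = demo()
    print("\n".join(enriched))
    print(f"{count} resolver calls for {len(enriched)} log lines")
```

Swapping `CONSTRUCTED_PTRS.get` for the default `system_lookup` turns this into a real post-processor; the cache and the time budget are what keep it usable on a large log, and the sanitiser is what keeps a hostile reverse zone from injecting lines into whatever reads the output.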
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop