On Nov 11, 2014, at 5:48 PM, Lee Howard <l...@asgard.org> wrote:

> Many SSH servers (by default) reject connections from IP addresses without
> PTRs.
> This is stupid.
> 
> I heard applause during the WG meeting in response to these statements;
> sounded like consensus to me. I said I would check that consensus on list.
> 
> Thanks,
> Lee


Lee, 

The usage case that got brought up at the mike, “PTR records are used by logging 
systems”, got me thinking “when does a logging system need this information?”, 
and the answer is, I think, “when a human is looking at the log”; in all other 
cases, if the system is running at high speed, the delay in looking up 
addresses is just too long. 
Thus I would say the usage case is “a log processing tool MAY do PTR lookups”; 
the real information about addresses can be extracted from other sources as 
well, like whois and geo-location databases, etc. 

The other usage case that I can think of is network debugging. 

Thus the real question in this case is “what granularity in name is needed, and 
when?” 

Below is a short list of possible requirements based on the needs of these two 
“usage cases”:

We all love having the names displayed by traceroute for each hop ==> 
        names of router interfaces are a SHOULD in my mind 

We all want big services to have PTR records, that is, web servers, mail 
servers, etc. ==> 
        Addresses that provide services SHOULD have a PTR record 

“End-user” addresses do not need a PTR record but could be simple wildcard 
responses like “Customer.HNL.biz-ISP.net”, 
as no one is complaining about 
123.136.133.31.in-addr.arpa. 3600 IN    PTR     dhcp-887b.meeting.ietf.org.
or 
9.5.9.d.7.4.e.f.f.f.9.e.f.c.a.2.6.3.1.0.0.7.3.0.c.7.6.0.1.0.0.2.ip6.arpa. 15 IN PTR s2001067c037001362acfe9fffe47d959.hotel-wireless.v6.meeting.ietf.org.


This message raised some questions:
On Nov 11, 2014, at 5:29 PM, George Michaelson <g...@algebras.org> wrote:

> I'll take a dollar for every query in PTR we take at the IPv4 /8 and IPv6 
> /12 level. That's somewhere around 170,000/sec.
> 
> Luckily, you'll all stop before I have the entire western economy in my 
> pocket, but that's ok. I'll take the cents.. I'll take the millicents... 
> 
> Seriously: the volume of query is not small. It may be pointless but by golly 
> it's popular.
> 
> What do people do with it? I have no idea. But as long as people want to 
> query, the RIRs are happy to anchor the domains.
> 

That to me indicates that people use log post-processing all the time and 
Intrusion Detection Systems are doing PTR lookups by policy. 
For IDSes, are their expectations any different than those of log processors? 
And if IDSes are taking decisions based on the content of PTR records, what 
granularity do they need? 

  Olafur


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
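The message above says a log processing tool MAY do PTR lookups and asks what an IDS should make of a PTR's contents. The following Python is an added example, not code from the thread or from any of its participants: a log post-processor that resolves PTRs lazily and from a cache, caps the number of lookups per run so a busy pipeline never waits on DNS, treats a missing PTR as data rather than an error, flags synthesised per-address names (the dhcp-887b and s2001067c... records quoted in the message, whose first label embeds the address's own hex), and forward-confirms any other PTR before reporting its name as the peer's identity. The Resolver class is a constructed in-memory stand-in for DNS; the example.* hostnames, the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses and the sshd-style log lines are constructed for the example.

```python
"""Added example: a log post-processor that MAY do PTR lookups without
blocking on them or trusting them. Resolver is a constructed stand-in for DNS
(assumption); example.* names, documentation-range addresses and the log lines
are constructed. The two meeting.ietf.org records are quoted from the thread."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


class Resolver:
    """Constructed in-memory stand-in for a DNS client (not a real library)."""

    def __init__(self, ptr: Dict[str, str], forward: Dict[str, List[str]]):
        self.ptr_records = ptr          # reverse owner name -> PTR target
        self.forward_records = forward  # hostname -> A/AAAA addresses
        self.queries = 0                # round trips a real pipeline would pay for

    def ptr(self, owner: str) -> Optional[str]:
        self.queries += 1
        return self.ptr_records.get(owner)

    def addresses(self, hostname: str) -> List[str]:
        self.queries += 1
        return self.forward_records.get(hostname, [])


def reverse_name(ip: str) -> str:
    """Owner name of the PTR for ip (in-addr.arpa, or ip6.arpa nibble form)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def looks_generic(ip: str, ptr: str) -> bool:
    """Heuristic: a first label that embeds the address's own hex, such as
    dhcp-887b (0x88.0x7b = 136.123) or s2001067c...d959, is a synthesised
    per-address name and says nothing about who is behind the address."""
    addr_hex = ipaddress.ip_address(ip).packed.hex()
    first_label = ptr.split(".")[0].lower()
    return addr_hex in first_label or addr_hex[-4:] in first_label


@dataclass
class Enrichment:
    ip: str
    ptr: Optional[str]  # None when no PTR exists; that is data, not an error
    status: str         # skipped | none | generic | unconfirmed | confirmed


class Enricher:
    def __init__(self, resolver: Resolver, lookup_budget: int):
        self.resolver = resolver
        self.budget = lookup_budget  # distinct addresses we will resolve per run
        self.cache: Dict[str, Enrichment] = {}

    def enrich(self, ip: str) -> Enrichment:
        if ip in self.cache:
            return self.cache[ip]
        if self.budget <= 0:  # too busy: a log line never waits on DNS
            return Enrichment(ip, None, "skipped")
        self.budget -= 1
        ptr = self.resolver.ptr(reverse_name(ip))
        if ptr is None:
            result = Enrichment(ip, None, "none")
        elif looks_generic(ip, ptr):
            result = Enrichment(ip, ptr, "generic")
        else:
            # Forward-confirm: only the forward zone's owner can make the
            # name point back at this address, so an unconfirmed PTR is just
            # a string chosen by whoever controls the reverse zone.
            forward = {ipaddress.ip_address(a) for a in self.resolver.addresses(ptr)}
            ok = ipaddress.ip_address(ip) in forward
            result = Enrichment(ip, ptr, "confirmed" if ok else "unconfirmed")
        self.cache[ip] = result
        return result


SRC_IP = re.compile(r" from (?P<ip>[0-9A-Fa-f:.]+) port \d+")


def annotate(lines: List[str], enricher: Enricher) -> List[Tuple[str, Enrichment]]:
    """Attach an Enrichment to every line that carries a source address."""
    rows = []
    for line in lines:
        m = SRC_IP.search(line)
        if m:
            rows.append((line, enricher.enrich(m.group("ip"))))
    return rows


def demo() -> Tuple[Dict[str, str], int]:
    v6 = "2001:67c:370:136:2acf:e9ff:fe47:d959"
    resolver = Resolver(
        ptr={
            "123.136.133.31.in-addr.arpa.": "dhcp-887b.meeting.ietf.org.",
            reverse_name(v6): "s2001067c037001362acfe9fffe47d959.hotel-wireless.v6.meeting.ietf.org.",
            "10.2.0.192.in-addr.arpa.": "mail.example.net.",
            "2.2.0.192.in-addr.arpa.": "www.example.com.",  # forward does not point back
        },
        forward={"mail.example.net.": ["192.0.2.10"], "www.example.com.": ["203.0.113.5"]},
    )
    log = [  # constructed sshd-style lines
        "sshd: Accepted publickey for alice from 31.133.136.123 port 52211",
        f"sshd: Accepted publickey for bob from {v6} port 40021",
        "sshd: Failed password for root from 192.0.2.10 port 3111",
        "sshd: Failed password for root from 192.0.2.2 port 3112",
        "sshd: Failed password for root from 192.0.2.2 port 3113",     # cache hit
        "sshd: Failed password for root from 198.51.100.7 port 3114",  # no PTR
        "sshd: Failed password for root from 203.0.113.9 port 3115",   # over budget
    ]
    rows = annotate(log, Enricher(resolver, lookup_budget=5))
    for line, e in rows:
        print(f"{line}  ptr={e.ptr or '-'} status={e.status}")
    return {e.ip: e.status for _, e in rows}, resolver.queries
```

Running `demo()` annotates the constructed lines and returns each address's status plus the number of DNS round trips the run cost. Only "confirmed" names are safe to print as if they identified the peer; "generic" names carry the address and nothing more, and "none" simply means the operator published no PTR, which is the situation the thread argues should not be penalised.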
