On Sat, Nov 25, 2017 at 10:41:13PM +0500, Tariq Saraj <tariqsa...@gmail.com> wrote a message of 60 lines which said:
> Please provide your valuable feedback on the newly uploaded draft.
> draft-tariq-dnsop-iviptr-00
> <https://datatracker.ietf.org/doc/draft-tariq-dnsop-iviptr/>
> *IVIPTR: Resource Record for DNS*

The only use case you describe (firewall configuration) is
questionable. Most firewall configuration interfaces allow you to use
domain names instead of IP addresses. So, if I want to allow port 443
to www.example.com (which has IPv4 and IPv6 addresses), I can.

Note that many firewall administrators don't use this because, rightly
or wrongly, they don't trust the DNS. They'll have the same issue with
your proposal. By the way, that's why you _need_ to write something in
the Security Considerations, probably mentioning DNSSEC.

Otherwise, I'm not convinced by your argument against using PTR. If
people don't configure PTRs to get the effect you want, it may be
because:

* they don't want to (so they don't need your proposal)
* they're lazy or incompetent (so they'll ignore your proposal)

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop