Re: comcast ipv6 PTR

2013-10-15 Thread Doug Barton
On 10/14/2013 07:47 PM, John Levine wrote: Doing rDNS on random hosts in IPv6 would be very hard. * PTR generic.reverse.record.isp.net. can we move on now?

Re: comcast ipv6 PTR

2013-10-14 Thread Mark Andrews
In message <20131015024711.55297.qm...@joyce.lan>, "John Levine" writes: > >Is there any reason other than email where clients might demand RDNS? > > There's a few other protocols that want rDNS on the servers. IRC maybe. > > Doing rDNS on random hosts in IPv6 would be very hard. Servers are >

Re: comcast ipv6 PTR - DNSSEC

2013-10-14 Thread bmanning
On Mon, Oct 14, 2013 at 10:18:15PM -0500, Jimmy Hess wrote: > On Mon, Oct 14, 2013 at 10:01 PM, Barry Shein wrote: > > > > >This would be a lot of work, so nobody does it. > > >If someone asks for the rdns for: > > > 2001:0db8:85a3:0042:1000:8a2e:0370:7334 > > >it's a lot of work for example.

Re: comcast ipv6 PTR

2013-10-14 Thread John Levine
>it's a lot of work for example.com to return something like: > > 2001-0db8-85a3-0042-1000-8a2e-0370-7334.example.com Add some NSEC3 records and, yeah, it's a lot of work. And for what?

Re: comcast ipv6 PTR

2013-10-14 Thread Jimmy Hess
On Mon, Oct 14, 2013 at 10:01 PM, Barry Shein wrote: > >This would be a lot of work, so nobody does it. > >If someone asks for the rdns for: > > 2001:0db8:85a3:0042:1000:8a2e:0370:7334 > >it's a lot of work for example.com to return something like: > > 2001-0db8-85a3-0042-1000-8a2e-0370-733

Re: comcast ipv6 PTR

2013-10-14 Thread Barry Shein
>This would be a lot of work, so nobody does it. If someone asks for the rdns for: 2001:0db8:85a3:0042:1000:8a2e:0370:7334 it's a lot of work for example.com to return something like: 2001-0db8-85a3-0042-1000-8a2e-0370-7334.example.com ? What it means, exactly, is a different discussio

Re: comcast ipv6 PTR

2013-10-14 Thread Blair Trosper
That gets to the core of the original question. I figured there must be a reason for the conscious omission. However, I've noticed also that Comcast hasn't bothered to give PTR to their routers, either. I think that's a horse of a different color. Leaving out PTR on the last hop for the residen

Re: comcast ipv6 PTR

2013-10-14 Thread John Levine
>Is there any reason other than email where clients might demand RDNS? There's a few other protocols that want rDNS on the servers. IRC maybe. Doing rDNS on random hosts in IPv6 would be very hard. Servers are configured with static addresses which you can put in the DNS and rDNS, but normal us

Re: comcast ipv6 PTR

2013-10-14 Thread Barry Shein
On October 15, 2013 at 01:23 fmar...@linkedin.com (Franck Martin) wrote: > If you want to block spam on IPv6, then you can start by rejecting > connections to SMTP from any IPv6 that do not have a PTR. No need to analyze > the format of the PTR. > > It is in several recommendations that a

Re: comcast ipv6 PTR

2013-10-14 Thread Paul Ferguson
On 10/14/2013 6:23 PM, Franck Martin wrote: > If you want to block spam on IPv6, then you can start by rejecting > connections to SMTP from any IPv6 that do not have a PTR. No need to > analyze the format of the PTR. > > It is in several recommendati

Re: comcast ipv6 PTR

2013-10-14 Thread Franck Martin
If you want to block spam on IPv6, then you can start by rejecting connections to SMTP from any IPv6 that do not have a PTR. No need to analyze the format of the PTR. It is in several recommendations that a sending email IP must have a PTR. That ISPs will not do a PTR on all IPv6 but only on st

Re: comcast ipv6 PTR

2013-10-14 Thread Barry Shein
On October 15, 2013 at 02:28 l...@asgard.org (Lee Howard) wrote: > > > On 10/10/13 1:09 AM, "Barry Shein" wrote: > > > > >On October 9, 2013 at 20:18 c...@cmadams.net (Chris Adams) wrote: > > > Once upon a time, Barry Shein said: > > > > It's very useful for blocking spammers and othe

Re: comcast ipv6 PTR

2013-10-14 Thread Lee Howard
On 10/10/13 1:09 AM, "Barry Shein" wrote: > >On October 9, 2013 at 20:18 c...@cmadams.net (Chris Adams) wrote: > > Once upon a time, Barry Shein said: > > > It's very useful for blocking spammers and other miscreants -- no > > > reason at all to accept SMTP connections from troublesome > > > *

Re: comcast ipv6 PTR

2013-10-09 Thread Barry Shein
On October 10, 2013 at 12:35 ma...@isc.org (Mark Andrews) wrote: > > Yes that comes with the risk of additional spam but get over it and > run proper abuse desks. With all due respect I don't think you have an inkling of the magnitude of the spam problem if you can say something like this. An

Re: comcast ipv6 PTR

2013-10-09 Thread Barry Shein
On October 9, 2013 at 20:18 c...@cmadams.net (Chris Adams) wrote: > Once upon a time, Barry Shein said: > > It's very useful for blocking spammers and other miscreants -- no > > reason at all to accept SMTP connections from troublesome > > *.rev.domain.net at all, no matter what the preceding

Re: comcast ipv6 PTR

2013-10-09 Thread John Levine
>If people really want to use generic reverse names and have realised >that the v6 address space is much too big for $GENERATE, one approach is >to delegate the appropriate zones to a custom nameserver that can >auto-generate PTRs on demand. There are scaling problems here, but >probably nothing th

Re: comcast ipv6 PTR

2013-10-09 Thread Mark Andrews
In message <21077.65231.279689.263...@world.std.com>, Barry Shein writes: > > On October 9, 2013 at 11:49 c...@cmadams.net (Chris Adams) wrote: > > Once upon a time, Robert Webb said: > > > But how would that differ from the IPv4 address space which has PTR > > > records for all their IP's? J

Re: comcast ipv6 PTR

2013-10-09 Thread Chris Adams
Once upon a time, Barry Shein said: > It's very useful for blocking spammers and other miscreants -- no > reason at all to accept SMTP connections from troublesome > *.rev.domain.net at all, no matter what the preceding NNN-NNN-NNN-NNN > is. If you are going to block like that, just block anybody

Re: comcast ipv6 PTR

2013-10-09 Thread Barry Shein
On October 9, 2013 at 11:49 c...@cmadams.net (Chris Adams) wrote: > Once upon a time, Robert Webb said: > > But how would that differ from the IPv4 address space which has PTR > > records for all their IP's? Just the sheer number they would have to > > deal with in the IPv6 space? > > Oh,

Re: comcast ipv6 PTR

2013-10-09 Thread Ted Cooper
On 10/10/13 03:30, Constantine A. Murenin wrote: > Yet, apparently, Google has very recently completely stopped accepting > email with no PTR records. They also don't try very hard to get the PTR record. If the packet is lost, has a routing issue, or a DDoS prevents reliable access to the name ser

Re: comcast ipv6 PTR

2013-10-09 Thread Cutler James R
On Oct 9, 2013, at 12:35 PM, Blair Trosper wrote: > Does anyone know why (or can someone from Comcast explain why) there is no > PTR on their residential/business IPv6 addresses? Which IPv6 addresses: 1 delegated WAN address? 2 end systems on delegated LAN prefix or with static assignments?

Re: comcast ipv6 PTR

2013-10-09 Thread Chris Adams
Once upon a time, Constantine A. Murenin said: > On my Linode over the summer, it seems like this was the first mention > of IPv6 in my errorlog: I didn't see a problem, but my OCD-ness kicked in immediately when I got my Linode IPv6 - I've always had valid reverse DNS on IPv6 and IPv4 there. --

Re: comcast ipv6 PTR

2013-10-09 Thread Livingood, Jason
On 10/9/13 12:59 PM, "Paul Ferguson" wrote: >That's not necessarily true -- some (very large) organizations using >DMARC will reject mail from hosts without a PTR record. True, but a residential customer with a cable modem bootfile that blocks port 25 wouldn't find that an issue. Jason

Re: comcast ipv6 PTR

2013-10-09 Thread Livingood, Jason
On 10/9/13 12:52 PM, "Blair Trosper" wrote: >That's essentially what I'm getting at. If the v6 addresses/blocks are >allocated in a similar fashion to IPv4, where the octets are clearly named >by state and "hsd1", then I don't see why they should lack PTR. With the small # of IPv4 addresses, g

Re: comcast ipv6 PTR

2013-10-09 Thread Paul Ferguson
On 10/9/2013 10:08 AM, Chris Adams wrote: Once upon a time, Paul Ferguson said: >That's not necessarily true -- some (very large) organizations using >DMARC will reject mail from hosts without a PTR record. And that's a good reason to have reve

Re: comcast ipv6 PTR

2013-10-09 Thread Constantine A. Murenin
On 9 October 2013 09:58, Andrew Sullivan wrote: > On Wed, Oct 09, 2013 at 11:35:16AM -0500, Blair Trosper wrote: >> Does anyone know why (or can someone from Comcast explain why) there is no >> PTR on their residential/business IPv6 addresses? > > Probably because of the considerations in > http:/

Re: comcast ipv6 PTR

2013-10-09 Thread Joe Abley
On 2013-10-09, at 10:10, Chris Adams wrote: > Once upon a time, Blair Trosper said: >> True, but the location information, at least the state, is quasi-helpful. > > That's another good reason to have reverse records for defined router > interfaces. Auto-generated reverse for everything doesn't

Re: comcast ipv6 PTR

2013-10-09 Thread Chris Adams
Once upon a time, Paul Ferguson said: > That's not necessarily true -- some (very large) organizations using DMARC > will reject mail from hosts without a PTR record. And that's a good reason to have reverse records for your mail servers. Auto-generated reverse really shouldn't be trusted for anyt

Re: comcast ipv6 PTR

2013-10-09 Thread Chris Adams
Once upon a time, Blair Trosper said: > True, but the location information, at least the state, is quasi-helpful. That's another good reason to have reverse records for defined router interfaces. Auto-generated reverse for everything doesn't give any useful info though. -- Chris Adams

Re: comcast ipv6 PTR

2013-10-09 Thread Blair Trosper
True, but the location information, at least the state, is quasi-helpful. You may be right about PTR being a mistake, but I guess my mind approaches it from a practical, quasi-GeoIP approach. IPv6 seems to be somewhat chaotic in that realm. Plus, with web applications and services, accurate GeoI

Re: comcast ipv6 PTR

2013-10-09 Thread Paul Ferguson
On 10/9/2013 9:49 AM, Chris Adams wrote: > Once upon a time, Robert Webb said: >> But how would that differ from the IPv4 address space which has PTR >> records for all their IP's? Just the sheer number they would have to >> deal with in the IPv6 sp

Re: comcast ipv6 PTR

2013-10-09 Thread Andrew Sullivan
On Wed, Oct 09, 2013 at 11:35:16AM -0500, Blair Trosper wrote: > Does anyone know why (or can someone from Comcast explain why) there is no > PTR on their residential/business IPv6 addresses? Probably because of the considerations in http://tools.ietf.org/html/draft-howard-isp-ip6rdns-06. I seem

Re: comcast ipv6 PTR

2013-10-09 Thread Blair Trosper
That's essentially what I'm getting at. If the v6 addresses/blocks are allocated in a similar fashion to IPv4, where the octets are clearly named by state and "hsd1", then I don't see why they should lack PTR. However, even if they're not assigned or delegated in that way, it'd be helpful to have

Re: comcast ipv6 PTR

2013-10-09 Thread Robert Webb
On Wed, 9 Oct 2013 11:41:50 -0500 Chris Adams wrote: Once upon a time, Blair Trosper said: Does anyone know why (or can someone from Comcast explain why) there is no PTR on their residential/business IPv6 addresses? I believe business customers (with a static assignment) can request revers

Re: comcast ipv6 PTR

2013-10-09 Thread Chris Adams
Once upon a time, Robert Webb said: > But how would that differ from the IPv4 address space which has PTR > records for all their IP's? Just the sheer number they would have to > deal with in the IPv6 space? Oh, are you looking for auto-generated reverse for every address? That's not going to hap

Re: comcast ipv6 PTR

2013-10-09 Thread Chris Adams
Once upon a time, Blair Trosper said: > Does anyone know why (or can someone from Comcast explain why) there is no > PTR on their residential/business IPv6 addresses? I believe business customers (with a static assignment) can request reverse DNS entries. Residential customers are not guaranteed