ietf-asrg

Re: [SPAM] RE: [Asrg] Re: 6. Proposals - rDNS and rMX

2003-11-28 02:16:06
Hallam-Baker, Phillip wrote:

> Absolutely, reverse DNS has not been generally considered a critical
> infrastructure, nobody uses it today except for debugging.

Really?
I know that a lot of, e.g., Finnish ISPs, companies, servers, ... use reverse checking before accepting connections. So do we. Maybe not in every service. E.g. the PARANOID flag is very much used in many services, wrappers, ... It is the same as with phone numbers: if somebody doesn't want to tell that this number belongs to them, then we have nothing to say. We are not so interested in handling anonymous traffic. Of course reverse is only a small thing, but it tells something if you have no reverse info.

> The zones are perfectly stable, the problem is that the information in those
> zones is not maintained by the IP block holders to a sufficiently high
> quality.

E.g. in Europe I think the situation is not excellent, but good. Thanks to RIPE.
Also every reverse domain has an SOA and there is ...

> The other practical problem is that there are machines with several hundred
> thousand email domains parked on one machine.

How is it a problem?
If we look at the server side, you can live just like today if you don't want to use these add-on possibilities. So this is not a must; it is like all other security and so on: you can use it if you like.

If you are a mail sender and want to make a connection to a server which uses this kind of add-on checking, then you must update the reverse information.
Then this is a must-have property for the sender.

Only the last MTA needs to update, not all clients. Only those MTAs which make connections outside your net have to register. It is something like private net - public net: between those you have e.g. NAT, some controlling, ...

I have been thinking that we have some "routing" services:
- ip-packet
- dns lookup
- smtp protocol
- ...

In DNS services we have some rules: what is possible, who can/must do something.

Maybe we need the same kind of rules for other "routing" methods too?

Most services are point-to-point services, and it is simpler to make rules for them. You can make them yourself. SMTP is a routed service; of course the last step is point-to-point.

The IP network is structured, DNS is structured, SMTP is not (yet).

Original doc:
http://www.awot.fi/cgi-bin/textdb/browser/showfile?cust=awkoulutus&subdir=dns&doc=reverse_mx

I am wondering: if this kind of simple idea, with not so much to do, is so hard to do, what do we think about those drafts and ideas which are much more complicated, need software updates, ...? Do those have any possibility of being accepted?

Most comments have been along the lines of "oh no, so much work". Why have more problems with our networks? Hmmm ...

-jukka-
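
Added example, not part of the original message: a sketch of the reverse check discussed above, where a server looks up the PTR name of a connecting address and confirms that the name resolves back to the same address. The function names, verdict labels and sample records are assumptions made for illustration; the sample data uses documentation address ranges and is constructed.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    """Return the PTR name for ip, or None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(name):
    """Return the addresses a name resolves to (empty set on failure)."""
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def reverse_check(ip, ptr=ptr_lookup, fwd=forward_lookup):
    """Classify a connecting address by reverse lookup plus forward confirmation.

    Returns (verdict, name) where verdict is one of:
      'no-reverse' - the address has no PTR record at all
      'mismatch'   - the PTR name does not resolve back to the address
      'ok'         - name and address agree in both directions
    """
    addr = ipaddress.ip_address(ip)        # normalise textual form (IPv4/IPv6)
    name = ptr(ip)
    if not name:
        return ("no-reverse", None)
    name = name.rstrip(".").lower()
    confirmed = {ipaddress.ip_address(a) for a in fwd(name)}
    if addr not in confirmed:
        return ("mismatch", name)
    return ("ok", name)

# Constructed sample records so the example runs without network access.
SAMPLE_PTR = {"192.0.2.25": "mail.example.org.",
              "198.51.100.7": "mail.example.org."}   # second PTR is unconfirmed
SAMPLE_A = {"mail.example.org": {"192.0.2.25"}}

def check_sample(ip):
    """Run reverse_check against the constructed records above."""
    return reverse_check(ip, ptr=SAMPLE_PTR.get,
                         fwd=lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9"):
        print(ip, check_sample(ip))
```

Calling `reverse_check(ip)` without the `ptr` and `fwd` arguments uses the system resolver instead of the sample records.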

