Dynamic update of DNS is a no-brainer nowadays. At the same
time you
update the A record of your box which changes IP address, you also
update the "RMX" record.
This implies that a dynamic update friendly option should be provided,
taking into account the fact that a receiver may be looking
at a previously cached record.
Here the DMP style IP address mechanism looks to be most
appropriate it
does not matter if the policy record is stale since that does
not need to be updated.
I was thinking about this and wondering why RMX or any other full database
approach couldn't be adapted to support dynamic IP.
Patrik suggested "10 lines of sh" can put a public key into a DNS KEY record.
That's pretty powerful stuff from what was originally a batch file language.
What stops a particular DNS implementation from inserting data into a
RMX-type record or database, or "synthesizing" a response to a RMX-type query
based on data stored in another format somewhere, populated by dynamic DNS
registrations elsewhere?[1]
These sure sound like problems solvable in implementations. I've seen some
imaginative things come from hard-set limitations, such as using ASCII (7-bit
ASCII yet!) to convey information in an Asian language. Some ideas lend
themselves better to solve certain problems, while the remaining problems are
still solvable. Yes, this encourages vulnerabilities, but this is why we
have testing.
Sending email that claims to come from any domain name you
choose is not a right.
Wow, we really are violently agreeing with each other here. :-)
[1] And written in twenty lines of sh or five lines of Perl. :-) I know it
can be done, that's what's so funny.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>