[dns-operations] Maybe I'm just not with it...
Andrew Sullivan
ajs at shinkuro.com
Mon Dec 7 14:16:04 UTC 2009
On Mon, Dec 07, 2009 at 12:05:16PM +0000, Lutz Donnerhacke wrote:
> Great for hacking ...
>
> Severals systems does rely on reverse DNS results for ACLs.
Over in the IETF, there was for a while an effort to document what one
should and should not expect in the reverse tree. We were unable even
to converge on the apparently obvious sentiment that one might want to
maintain the reverse tree, but one doesn't have to; or that one might
want to look at the data in the reverse tree, except that one
shouldn't rely on it too much.
System operators can do what they want, of course, with the data they
look up. But there is no reason to suppose that there will ever be
widespread agreement about what's in the reverse tree, since we can't
even get people to assent to the proposition, "There is a reverse
tree or (A or not-A)."
A
--
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.
More information about the dns-operations
mailing list