[dns-operations] IPv6 PTR records

William F. Maton Sotomayor wmaton at ryouko.imsb.nrc.ca
Fri Dec 17 16:16:56 UTC 2010


Hi
 	Also denying any contribution to a looming war of words that may 
ensue, I've also had run-ins with TCP wrappers wherever sysadmins 
followed the practice to install that and modify [x|whatever]inetd.conf to 
suit.

On Fri, 17 Dec 2010, Douglas C. Stephens wrote:

> While I don't wish to start a word war on the subject, I should like to note that
> there are other applications besides MTAs which provide capabilities which depend
> upon the existence of PTR records, and even PTR/A matching, under IPv4, and that will
> expect to be able to do so under IPv6.  A case in point is SSHd.  Many of the other
> sites running SSHd to which my customers connect are using versions of SSHd which
> stall and time-out if PTR records for my client-side IPs are not available.  Further,
> a sizeable fraction of those other sites still use hostname-based ACL mechanisms (in
> spite of the long-standing stupidity of doing so).  When these connections fail or are
> extremely slow to connect, I get very growly customers.  Therefore, we intend to
> roll-out matching IPv6 AAAA/PTR records.
>
>
> At 09:16 AM 12/17/2010, Wayne MacLaurin wrote:
>> That's an excellent question !
>>
>> I seem to recall a heated debate at the RIPE meeting in Rome back in November.     It would seem that most people wish PTR was never invented and it causes more grief than its worth.    A few folks seemed to be resigned to having to do PTR for MTAs and other services that have built-in requirements but most would like to see the entire concept go away
.
>>
>> Anybody else, who's rolling out IPv6 on a large scale, have any comments ?
>>
>> Wayne MacLaurin
>> Executive Director, DNS-OARC
>> <mailto:wayne at dns-oarc.net>wayne at dns-oarc.net
>>
>>
>> On 2010-12-17, at 10:02 AM, R.P. Aditya wrote:
>>
>>> I like to question my habits -- the current one: while getting ready to
>>> roll out IPv6, whether to bother with PTR records at all, and if so,
>>> whether to just automatically generate them (except maybe for MTAs) and
>>> not bother to match the forwards (so far, I'm not convinced either way
>>> and given the pace of the rollout, time can tell).
>>>
>>> R.P. (Adi) Aditya
>>> Network Architect
>>> ITSComm Network Engineering
>>> University of Michigan
>>> +1 (734) 330-2499
>>> <mailto:rpaditya at umich.edu>rpaditya at umich.edu
>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
> --
> Douglas C. Stephens             | Network/DNS/Unix/Windows Admin
> System Support Specialist       | Email Postmaster
> Information Systems             | Phone: (515) 294-6102
> Ames Laboratory, US DOE         | Email: stephens at ameslab.gov
>


wfms


More information about the dns-operations mailing list