[dns-operations] IPv6 PTR best practice
paul at redbarn.org
Fri May 11 16:18:46 UTC 2018
Warren Kumari wrote:
> Well, that's only true if you sign your reverse zones, yes? I'm part
> of the DNSSEC Brigade, but is a signed reverse necessary?
dnssec is only useful if ubiquitious. you can tell someone to stop using
.rhosts files, but you can't actually make them stop using .rhosts
files. saying they ought to suffer from such bad decisions is tougher
love than i'm up for.
there's also the gethostbyaddr() done inside most smtp receivers to
generate the received: header and perhaps to decide whether to allow
privileged functions such as relay. and the gethostbyaddr() inside a lot
of callers of syslog().
if we care about authenticity, we won't be selective as to when.
More information about the dns-operations