[dns-operations] IPv6 PTR best practice

Paul Vixie paul at redbarn.org
Fri May 11 16:18:46 UTC 2018

Warren Kumari wrote:
> ​Well, that's only true if you sign your reverse zones, ​yes? I'm part
> of the DNSSEC Brigade, but is a signed reverse necessary?

dnssec is only useful if ubiquitious. you can tell someone to stop using 
.rhosts files, but you can't actually make them stop using .rhosts 
files. saying they ought to suffer from such bad decisions is tougher 
love than i'm up for.

there's also the gethostbyaddr() done inside most smtp receivers to 
generate the received: header and perhaps to decide whether to allow 
privileged functions such as relay. and the gethostbyaddr() inside a lot 
of callers of syslog().

if we care about authenticity, we won't be selective as to when.

P Vixie

More information about the dns-operations mailing list