PTR records for IPv6
marcosommani at gmail.com
Mon Sep 2 10:35:32 CEST 2013
On 02/set/2013, at 10:04, Mohacsi Janos <mohacsi at niif.hu> wrote:
> Dear All,
> In my opinion requiring PTR for unauthenticated SMTP session is reasonable:
> - For authenticated sessions (users sending mails to SMTP server for delivery) this is not necessary - since user is identified by the authentication
> - For non-authenticated sessions (mail delivery between MTAs and between relay servers) is reasonable to ask your partner who you are talking to. If there is no better method than PTR, than rely on PTR. So you have a defined server for MTA purpose, why you don't put PTR record on it? The your partner can build some credibility information on this server...
Yes, but we must not forget temporary addresses. If the MTA has temporary addresses, then it will prefer them for its smtp sessions. So, one should either disable temporaries on all MTAs or use DNS dynamic updates. I think that it would be much wiser to deprecate PTR checks for IPv6.
> For other hosts (not acting as a defined server) I don't think it is reasonable to require PTRs.
> Best Regards,
> Janos Mohacsi
> Head of HBONE+ project
> Network Engineer, Director Network and Multimedia
> NIIF/HUNGARNET, HUNGARY
> Co-chair of Hungarian IPv6 Forum
> Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
> On Mon, 2 Sep 2013, Brian E Carpenter wrote:
>> So, is there any real operational value in this, or is it just
>> a case of "we did it for v4 so it must be right for v6"?
>> -------- Original Message --------
>> Subject: [nznog] Orcon IPv6 rDNS delegation
>> Date: Mon, 2 Sep 2013 02:08:47 +1200
>> From: Jonathan Spence <jonathan.spence at power-business.co.nz>
>> Reply-To: jonathan.spence at power-business.co.nz
>> To: <nznog at list.waikato.ac.nz>
>> Hi everyone, Google have just started enforcing PTR records for IPv6
>> addresses delivering to Gmail. Our IPv6 works great with Orcon but having
>> serious issues getting delegation back to our nameservers setup.
>> <irrelevant operational details omitted>
More information about the ipv6-ops