PTR records for IPv6
Fred Baker
fred at cisco.com
Mon Sep 2 00:13:08 CEST 2013
On Sep 1, 2013, at 2:30 PM, Brian E Carpenter <brian.e.carpenter at gmail.com> wrote:
> So, is there any real operational value in this, or is it just
> a case of "we did it for v4 so it must be right for v6"?
If one accepts that PTR records make sense for IPv4, then one does wonder why they would not for IPv6. Let me put the shoe on the other foot: what would not not want to be able to ensure that a peer sending you an email is in fact a known system, if not a system authorized to do so, in the remote domain?
At least part of the context would be the statistics of spam. I did a fairly interesting analysis a couple of years back. I walked through all of the email on may laptop that was not in my junk folder, and separately through all of the email in my junk folder. In that analysis, I asked what the IP address of the MTU/MTA prior to the first Cisco hop was (e.g., looked for "Receive" records similar to
Received: from mail1.cluenet.de ([195.20.121.100]) by
rcdn-inbound-i.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 01 Sep 2013
21:31:28 +0000
which is what I found in my copy of your email in this thread).
In however many years of email it was, I found about 700 IP addresses total - addresses like cluenet's, ietf.org, and so on. In my junk folder which is to say within 30 days of email, I found nearly 5000. A diff of the lists found the overlap to be negligible, on the order of 20 or 30, which I suspect I could explain with misclassified mail - mail that should have been in the junk folder and wasn't.
Are we under the impression that people will not use IPv6 the same way they have used IPv4?
The big difference I see between IPv4 and IPv6 in this context is that in my company every global address has a domain name and a PTR record, if only something like dhcp.something.cisco.com. That would not be practical in IPv6; one would find oneself creating PTR records for systems as they create the addresses, whether by SLAAC or DHCPv6, or creating PTR records that respond to entire classes of PTR requests. You can decide as you will on the utility of that.
> Brian
>
> -------- Original Message --------
> Subject: [nznog] Orcon IPv6 rDNS delegation
> Date: Mon, 2 Sep 2013 02:08:47 +1200
> From: Jonathan Spence <jonathan.spence at power-business.co.nz>
> Reply-To: jonathan.spence at power-business.co.nz
> To: <nznog at list.waikato.ac.nz>
>
> Hi everyone, Google have just started enforcing PTR records for IPv6
> addresses delivering to Gmail. Our IPv6 works great with Orcon but having
> serious issues getting delegation back to our nameservers setup.
>
> <irrelevant operational details omitted>
------------------------------------------------------
8 issues in virtual infrastructure
http://dcrocker.net/#fallacies
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20130901/cb88a8d7/attachment.sig>
More information about the ipv6-ops
mailing list