nslookup from WinNT machine

Kevin Darcy kcd at daimlerchrysler.com
Wed May 30 22:18:46 UTC 2001


Bill Manning wrote:

> % > At 8:54 PM -0400 5/29/01, Kevin Darcy wrote:
> % >
> % I have never said that PTRs have "absolutely no value". I've always said that
> % they provide a degree of convenience, for instance. The question I am raising is:
> % does their (IMO negligible) value justify the cost of maintaining them?
> % - Kevin
>
>         So stop using them if you don't think they have sufficient value.

This conversation started when someone characterized a mismatch between forward and
reverse entries as an "error" or a "problem". My issue is with normative language like
that. Some people find PTRs useful, some do not. But to criticize or stigmatize
someone just because they have made an informed decision not to use PTRs seems out of
line. It is, as you imply, *optional*. I'm saying no-reverse-DNS can be a
*valid* choice. And perhaps one day, if enough people choose to forego reverse DNS,
it should be officially deprecated.

>         Others think that the use of the reverse tree provides some
>         unique and excellent tools to facilitate things like IPSEC via
>         a distributed CA in the guise of those trees.  There is no
>         Internet Police force that will arrest you if you stop using
>         techniques that you don't find useful.  Some folks find no value
>         or even negative value in MIME attachments so they reject them.
>         Does such behaviour simplify their lives? Undoubtedly. Does it
>         restrict the range of participation in information flow? You bet.

Of course. But it is rather trivial for me to demonstrate the tangible benefits of
MIME at the end-user level. Reverse DNS, on the other hand, is something that
*most* web-surfing-type users don't need on a regular basis, and but for
(IMO misguided) attempts by certain software to use it for authentication, wouldn't
need at all, not even for mail. So the case for PTR seems to me to be far weaker than
for something like MIME.

>         Does PTR support carry similar characteristics?  I think so.
>         Can you convince your company and all its peers/suppliers/contractors
>         to abandon PTRs for something better? Possibly. And I wish you the
>         best.

I'm not aware that any of our trading partners require PTRs currently, although
I still maintain them internally and externally "just because". We do IPSEC, but
AFAIK it's gateway-to-gateway with shared secrets. This is the first I've heard of
using PTRs as an IPSEC distributed CA...


- Kevin



