Will IPv6 kill double-reverse lookups?

Jonathan de Boyne Pollard J.deBoynePollard at Tesco.NET
Wed Nov 3 04:42:20 UTC 2004

DC> I was going to ask here if the BIND developers had thought about a
DC> feature to synthesize matching ip6.arpa and forward record sets to
DC> satisfy TCP Wrappers and the like, [...]

Of course, one doesn't actually need a full blown content DNS server 
with a database.  "walldns" is a special-purpose content DNS server that 
already does this sort of synthesis for "in-addr.arpa.", on the fly.


You might like to ask Felix von Leitner if he has any plans to extend 
his IP version 6 augmentation to cover "walldns" as well, so that it 
performs synthesis for "ip6.arpa." subdomains too.  It shouldn't be too 


DC> I began to wonder whether this problem will serve as an agitator to 
get people to
DC> stop fooling themselves into using DNS for endpoint 

Sadly, I suspect it will not.  You will be amazed at how resistant some 
people are to learning that this nonsense provides no security at all 
beyond what one can already do with the original IP address that one 
started with.  Mail system administrators are particularly fond of this 
Half-Baked Idea (and its cousins).


More information about the bind-users mailing list