North American Network Operators Group
Re: lame delegations
That's great at creation time, but what about when Customer-A leaves ISP-A to go to ISP-B, but doesn't bring his host records along with him?
ISP-A needs the ability to say "Attention $REGISTRAR, $HOSTNAME is no longer valid, as evidenced by the current lack of a PTR record. Please remove it".
The lack of a PTR record covers the case where PTR and host-record may not match so someone impersonates ISP-A asking the host name be destroyed. The PTR record has to completely not exist.
Of course, this is a great idea, but can we actually get it implemented by the relevant agencies? ;-)
At 2:56 PM -0400 8/18/00, Phillip Vandry wrote:
Why not this? Registrars only accept to create a glue record if there already exists a PTR entry for the requested address that points to the right name.
-Phil
I suspect that solving this correctly would depend on the ICANN DNSO recognising the authentication mechanisms of the databases of the RIR's under the ICANN ASO (RIPE, ARIN, APNIC). Unfortunately, no-one thought of this problem when they let registrars inject host records. The only way to verify automatically that a host record is allowed from a given netblock is to use the same authentication mechanisms that (say) RIPE do for reverse delegations.
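The two rules discussed in this thread (create a glue record only when a matching PTR already exists; honour a removal request only when no PTR exists at all), sketched as an added example that is not part of the original messages. The function names and the constructed PTR table standing in for live reverse-DNS lookups are assumptions.

```python
import ipaddress

# Constructed PTR data standing in for live reverse DNS (documentation addresses).
SAMPLE_PTR = {
    "10.2.0.192.in-addr.arpa": ["ns1.customer-a.example."],
    "11.2.0.192.in-addr.arpa": ["host11.isp-a.example."],
}


def _canon(name):
    """Lower-case and fully qualify a host name so comparisons are exact."""
    return name.rstrip(".").lower() + "."


def ptr_targets(address, ptr_data):
    """Return the canonical PTR targets for an address, or [] if none exist."""
    # reverse_pointer handles both in-addr.arpa (IPv4) and ip6.arpa (IPv6).
    rname = ipaddress.ip_address(address).reverse_pointer
    return [_canon(t) for t in ptr_data.get(rname, [])]


def may_create_glue(hostname, address, ptr_data):
    """Creation rule: a PTR for the address must already point at the name."""
    return _canon(hostname) in ptr_targets(address, ptr_data)


def may_remove_glue(address, ptr_data):
    """Removal rule: accepted only when the address has no PTR at all.

    A PTR that merely points at a different name is not sufficient, so a
    mismatch cannot be used to get someone else's host record destroyed.
    """
    return not ptr_targets(address, ptr_data)


if __name__ == "__main__":
    print(may_create_glue("ns1.customer-a.example", "192.0.2.10", SAMPLE_PTR))
    print(may_remove_glue("192.0.2.11", SAMPLE_PTR))
    print(may_remove_glue("192.0.2.12", SAMPLE_PTR))
```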