Derek J. Balling dredd at megacity.org
Fri Aug 18 21:12:17 CEST 2000
that's great at creation time, but what about when Customer-A leaves ISP-A to go to ISP-B, but doesn't bring his host records along with him? ISP-A needs the ability to say "Attention $REGISTRAR, $HOSTNAME is no longer valid, as evidenced by the current lack of a PTR record. Please remove it". The lack of a PTR record covers the case where PTR and host-record may not match so someone impersonates ISP-A asking the host name be destroyed. The PTR record has to completely not exist. Of course, this is a great idea, but can we actually get it implemented by the relevant agencies? ;-) D At 2:56 PM -0400 8/18/00, Phillip Vandry wrote: >Why not this? > >Registrars only accept to create a glue record if there already exists >a PTR entry for the requested address that points to the right name. > >-Phil > >> I suspect that solving this correctly would depend on the ICANN DNSO >> recognising the authentication mechanisms of the databases of the RIR's >> under the ICANN ASO (RIPE, ARIN, APNIC). >> >> Unfortunately, no-one thought of this problem when they let registrars >> inject host records. The only way to verify automatically that a host >> record is allowed from a given netblock is to use the same authentication > > mechanisms that (say) RIPE do for reverse delegations.
[ lir-wg Archives ]