[146469] in cryptography@c2.net mail archive
Re: [Cryptography] IPv6 and IPSEC
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Thu Aug 29 16:40:09 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAGZkp1-4O-Lw3suFuHM7fpGpSkyaSwwbFZN4CD_HCqaF4bn_Lw@mail.gmail.com>
Date: Thu, 29 Aug 2013 16:38:03 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Taral <taralx@gmail.com>
Cc: Lucky Green <shamrock@cypherpunks.to>,
Cryptography List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============5599126566962072187==
Content-Type: multipart/alternative; boundary=001a11c3694227a78b04e51c15ec
--001a11c3694227a78b04e51c15ec
Content-Type: text/plain; charset=ISO-8859-1
On Thu, Aug 29, 2013 at 1:59 PM, Taral <taralx@gmail.com> wrote:
> On Wed, Aug 28, 2013 at 12:08 PM, Lucky Green <shamrock@cypherpunks.to>
> wrote:
> > "Additional guidelines for IPv6
> >
> > The sending IP must have a PTR record (i.e., a reverse DNS of the
> sending IP) and it should match the IP obtained via the forward DNS
> resolution of the hostname specified in the PTR record. Otherwise, mail
> will be marked as spam or possibly rejected."
>
> Because under ipv6 your prefix is supposed to be stable (customer
> identifier) and the namespace delegated to you on request. Have you
> asked your provider for an ipv6 namespace delegation?
It is a stupid and incorrect requirement.
The DNS has always allowed multiple A records to point to the same IP
address. In the general case a mail server will support hundreds, possibly
tens of thousands of receiving domains.
A PTR record can only point to one domain.
The reason that an MX record has a domain name as the target rather than an
IP address is to facilitate administration. Forcing the PTR and AAAA record
to match means that there has to be a one to one mapping and thus defeats
many commonly used load balancing strategies.
Google is attempting to impose a criteria that is simply wrong.
--
Website: http://hallambaker.com/
--001a11c3694227a78b04e51c15ec
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Thu, Aug 29, 2013 at 1:59 PM, Taral <span dir=3D"ltr"><<a hre=
f=3D"mailto:taralx@gmail.com" target=3D"_blank">taralx@gmail.com</a>></s=
pan> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im">On Wed, Aug 28, 2013 at 12=
:08 PM, Lucky Green <<a href=3D"mailto:shamrock@cypherpunks.to">shamrock=
@cypherpunks.to</a>> wrote:<br>
> "Additional guidelines for IPv6<br>
><br>
> The sending IP must have a PTR record (i.e., a reverse DNS of the send=
ing IP) and it should match the IP obtained via the forward DNS resolution =
of the hostname specified in the PTR record. Otherwise, mail will be marked=
as spam or possibly rejected."<br>
<br>
</div>Because under ipv6 your prefix is supposed to be stable (customer<br>
identifier) and the namespace delegated to you on request. Have you<br>
asked your provider for an ipv6 namespace delegation?</blockquote><div><br>=
</div><div>It is a stupid and incorrect requirement.</div><div><br></div><d=
iv>The DNS has always allowed multiple A records to point to the same IP ad=
dress. In the general case a mail server will support hundreds, possibly te=
ns of thousands of receiving domains.=A0</div>
<div><br></div><div>A PTR record can only point to one domain.</div><div><b=
r></div><div>The reason that an MX record has a domain name as the target r=
ather than an IP address is to facilitate administration. Forcing the PTR a=
nd AAAA record to match means that there has to be a one to one mapping and=
thus defeats many commonly used load balancing strategies.</div>
<div><br></div><div>Google is attempting to impose a criteria that is simpl=
y wrong.</div><div><br></div><div>=A0</div></div><div><br></div>-- <br>Webs=
ite: <a href=3D"http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>
--001a11c3694227a78b04e51c15ec--
--===============5599126566962072187==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============5599126566962072187==--
