[Cryptography] IPv6 and IPSEC

Phillip Hallam-Baker hallam at gmail.com
Thu Aug 29 16:38:03 EDT 2013


On Thu, Aug 29, 2013 at 1:59 PM, Taral <taralx at gmail.com> wrote:

> On Wed, Aug 28, 2013 at 12:08 PM, Lucky Green <shamrock at cypherpunks.to> wrote:
> > "Additional guidelines for IPv6
> >
> > The sending IP must have a PTR record (i.e., a reverse DNS of the
> > sending IP) and it should match the IP obtained via the forward DNS
> > resolution of the hostname specified in the PTR record. Otherwise, mail
> > will be marked as spam or possibly rejected."
>
> Because under ipv6 your prefix is supposed to be stable (customer
> identifier) and the namespace delegated to you on request. Have you
> asked your provider for an ipv6 namespace delegation?


It is a stupid and incorrect requirement.

The DNS has always allowed multiple A records to point to the same IP
address. In the general case a mail server will support hundreds, possibly
tens of thousands of receiving domains.

A PTR record can only point to one domain.

The reason that an MX record has a domain name as the target rather than an
IP address is to facilitate administration. Forcing the PTR and AAAA record
to match means that there has to be a one-to-one mapping and thus defeats
many commonly used load balancing strategies.

Google is attempting to impose a criterion that is simply wrong.



-- 
Website: http://hallambaker.com/
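
The check described in the quoted guideline (forward-confirmed reverse DNS), written out as an added example that is not part of the original message. The zone data is constructed, using the 2001:db8::/32 documentation prefix, and `lookup_ptr` / `lookup_forward` are hypothetical stand-ins for real DNS queries.

```python
import ipaddress

# Constructed sample zone data (documentation prefix, example names).
PTR = {
    "2001:db8::25": ["mx1.example.net."],
    "2001:db8::26": ["mail.example.org."],
    # 2001:db8::27 deliberately has no PTR record.
}
AAAA = {
    # Same address as the PTR key above, written in uncompressed form.
    "mx1.example.net.": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
    # Forward record points somewhere other than the sending address.
    "mail.example.org.": ["2001:db8::99"],
    # A second name on the same address; the check never consults it.
    "example.com.": ["2001:db8::25"],
}

def lookup_ptr(ip):
    """Stand-in for a reverse (PTR) query; returns a list of hostnames."""
    return PTR.get(str(ip), [])

def lookup_forward(name):
    """Stand-in for a forward (AAAA) query; returns address strings."""
    return AAAA.get(name, [])

def fcrdns(sending_ip, ptr=lookup_ptr, forward=lookup_forward):
    """Return (verdict, confirmed_name) for the sending address.

    verdict is "pass", "no-ptr" or "mismatch". Addresses are compared as
    parsed values, so differing textual forms of one IPv6 address match.
    """
    ip = ipaddress.ip_address(sending_ip)
    names = ptr(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        for text in forward(name):
            try:
                if ipaddress.ip_address(text) == ip:
                    return ("pass", name)
            except ValueError:
                continue  # ignore malformed forward data
    return ("mismatch", None)

if __name__ == "__main__":
    for addr in ("2001:db8::25", "2001:db8::26", "2001:db8::27"):
        print(addr, fcrdns(addr))
```

The verdict depends only on the name or names the PTR record returns; other hostnames whose AAAA records point at the same address play no part in it.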