[Cryptography] IPv6 and IPSEC

Phillip Hallam-Baker hallam at gmail.com
Thu Aug 29 18:46:38 EDT 2013


On Thu, Aug 29, 2013 at 4:53 PM, Taral <taralx at gmail.com> wrote:

> Oh, wait. I misread the requirement. This is a pretty normal
> requirement -- your reverse DNS has to be valid. So if you are
> 3ffe::2, and that reverses to abc.example.com, then abc.example.com
> better resolve to 3ffe::2.
>
> On Thu, Aug 29, 2013 at 1:38 PM, Phillip Hallam-Baker <hallam at gmail.com>
> wrote:
> >
> >
> >
> > On Thu, Aug 29, 2013 at 1:59 PM, Taral <taralx at gmail.com> wrote:
> >>
> >> On Wed, Aug 28, 2013 at 12:08 PM, Lucky Green <shamrock at cypherpunks.to>
> >> wrote:
> >> > "Additional guidelines for IPv6
> >> >
> >> > The sending IP must have a PTR record (i.e., a reverse DNS of the
> >> > sending IP) and it should match the IP obtained via the forward DNS
> >> > resolution of the hostname specified in the PTR record. Otherwise, mail will
> >> > be marked as spam or possibly rejected."
> >>
> >> Because under ipv6 your prefix is supposed to be stable (customer
> >> identifier) and the namespace delegated to you on request. Have you
> >> asked your provider for an ipv6 namespace delegation?
> >
> >
> > It is a stupid and incorrect requirement.
> >
> > The DNS has always allowed multiple A records to point to the same IP
> > address. In the general case a mail server will support hundreds, possibly
> > tens of thousands of receiving domains.
> >
> > A PTR record can only point to one domain.
> >
> > The reason that an MX record has a domain name as the target rather than an
> > IP address is to facilitate administration. Forcing the PTR and AAAA record
> > to match means that there has to be a one to one mapping and thus defeats
> > many commonly used load balancing strategies.
> >
> > Google is attempting to impose a criterion that is simply wrong.
>
>
So Lucky's problem seems to be that the ISPs providing IPv6 have decided on
a convention that they identify residential IPv6 ranges by not filling in
the reverse PTR info....

And the problem he has is that Google won't take email from a residential
IPv6.

-- 
Website: http://hallambaker.com/
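
The check quoted from the guidelines above (a PTR for the sending IP, then forward resolution of the PTR name back to the same IP), as an added example that is not part of the original message. The records are constructed: 3ffe::2 and abc.example.com are the thread's own illustration, the 2001:db8:: addresses and the other names are assumed, and the lookups are injected dictionaries rather than live DNS.

```python
import ipaddress

# Constructed records, not real DNS data. 3ffe::2 / abc.example.com come from
# the thread; everything else is assumed for illustration.
PTR = {
    "3ffe::2": ["abc.example.com."],
    "2001:db8::3": ["mx-old.example.com."],
}
AAAA = {
    "abc.example.com": ["3ffe::2", "2001:db8::12"],
    "mail.customer.example": ["3ffe::2"],    # second name on the same IP
    "mx-old.example.com": ["2001:db8::99"],  # forward record no longer matches
}


def fcrdns(ip, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS: PTR(ip) -> name, AAAA(name) must contain ip.

    ptr_lookup(ip_text) and addr_lookup(name) return lists, so the same logic
    can sit on top of a real resolver or on test data.
    """
    addr = ipaddress.ip_address(ip)          # normalises textual IPv6 forms
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(addr))]
    if not names:
        return ("no-ptr", None)              # e.g. unpopulated reverse zone
    for name in names:
        forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if addr in forward:                  # any matching address confirms
            return ("pass", name)
    return ("mismatch", names[0])


def check(ip):
    """Run the check against the constructed records above."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: AAAA.get(n, []))


if __name__ == "__main__":
    for ip in ("3ffe::2", "3FFE:0:0:0:0:0:0:2", "2001:db8::3", "2001:db8::abcd"):
        print(ip, check(ip))
```

Only the PTR name is followed, so mail.customer.example also resolving to 3ffe::2 does not affect the result. An address with no PTR at all returns no-ptr before any forward lookup happens.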