[Cryptography] IPv6 and IPSEC
Taral
taralx at gmail.com
Thu Aug 29 16:53:29 EDT 2013
Oh, wait. I misread the requirement. This is a pretty normal
requirement -- your reverse DNS has to be valid. So if you are
3ffe::2, and that reverses to abc.example.com, then abc.example.com
better resolve to 3ffe::2.
On Thu, Aug 29, 2013 at 1:38 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
>
>
>
> On Thu, Aug 29, 2013 at 1:59 PM, Taral <taralx at gmail.com> wrote:
>>
>> On Wed, Aug 28, 2013 at 12:08 PM, Lucky Green <shamrock at cypherpunks.to>
>> wrote:
>> > "Additional guidelines for IPv6
>> >
>> > The sending IP must have a PTR record (i.e., a reverse DNS of the
>> > sending IP) and it should match the IP obtained via the forward DNS
>> > resolution of the hostname specified in the PTR record. Otherwise, mail will
>> > be marked as spam or possibly rejected."
>>
>> Because under ipv6 your prefix is supposed to be stable (customer
>> identifier) and the namespace delegated to you on request. Have you
>> asked your provider for an ipv6 namespace delegation?
>
>
> It is a stupid and incorrect requirement.
>
> The DNS has always allowed multiple A records to point to the same IP
> address. In the general case a mail server will support hundreds, possibly
> tens of thousands of receiving domains.
>
> A PTR record can only point to one domain.
>
> The reason that an MX record has a domain name as the target rather than an
> IP address is to facilitate administration. Forcing the PTR and AAAA record
> to match means that there has to be a one to one mapping and thus defeats
> many commonly used load balancing strategies.
>
> Google is attempting to impose a criteria that is simply wrong.
>
>
>
> --
> Website: http://hallambaker.com/
--
Taral <taralx at gmail.com>
"Please let me know if there's any further trouble I can give you."
-- Unknown
More information about the cryptography
mailing list