[Cryptography] IPv6 and IPSEC

Richard Guy Briggs rgb at tricolour.net
Thu Aug 29 22:41:25 EDT 2013 

On Thu, Aug 29, 2013 at 01:53:29PM -0700, Taral wrote:
> Oh, wait. I misread the requirement. This is a pretty normal
> requirement -- your reverse DNS has to be valid. So if you are
> 3ffe::2, and that reverses to abc.example.com, then abc.example.com
> better resolve to 3ffe::2.

Right, so if you have abc.example.com and def.example2.com both pointing
to IP1 and IP2, and IP1 and IP2 both point to abc.example.com, what's
the problem?

> On Thu, Aug 29, 2013 at 1:38 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> > On Thu, Aug 29, 2013 at 1:59 PM, Taral <taralx at gmail.com> wrote:
> >> On Wed, Aug 28, 2013 at 12:08 PM, Lucky Green <shamrock at cypherpunks.to> wrote:
> >> > "Additional guidelines for IPv6
> >> >
> >> > The sending IP must have a PTR record (i.e., a reverse DNS of the
> >> > sending IP) and it should match the IP obtained via the forward DNS
> >> > resolution of the hostname specified in the PTR record. Otherwise, mail will
> >> > be marked as spam or possibly rejected."
> >>
> >> Because under ipv6 your prefix is supposed to be stable (customer
> >> identifier) and the namespace delegated to you on request. Have you
> >> asked your provider for an ipv6 namespace delegation?
> >
> > It is a stupid and incorrect requirement.
> >
> > The DNS has always allowed multiple A records to point to the same IP
> > address. In the general case a mail server will support hundreds, possibly
> > tens of thousands of receiving domains.
> >
> > A PTR record can only point to one domain.
> >
> > The reason that an MX record has a domain name as the target rather than an
> > IP address is to facilitate administration. Forcing the PTR and AAAA record
> > to match means that there has to be a one to one mapping and thus defeats
> > many commonly used load balancing strategies.
> >
> > Google is attempting to impose a criteria that is simply wrong.
> >
> > Website: http://hallambaker.com/
> 
> Taral <taralx at gmail.com>

	slainte mhath, RGB

--
Richard Guy Briggs               --  ~\    -- ~\            <hpv.tricolour.net>
<www.TriColour.net>                --  \___   o \@       @       Ride yer bike!
Ottawa, ON, CANADA                  --  Lo_>__M__\\/\%__\\/\%
Vote! -- <greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________

More information about the cryptography mailing list