Re: DNSEXT WGLC: IPv6 Name Auto Registration
>
> > You could do an additional validation where if someone wants to stuff
> > a new value into an old PTR record, the DNS server looks to see if the
> > old FQDN in that PTR record still points back to the address referred
> > to by the PTR record, and if it does, refuses the update. This
> > prevents PTR record stealing.
> >
> > Is there some other attack I'm not thinking of here?
>
> I rightfully grab an address and go through the process. Then I go
> offnet without removing my forward pointer. My "lease" expires. The
> next person who happens to get my address can no longer get the PTR
> entry because the old (stale) forward entry is still there.
>
Huhhh??? The host that is managing the addresses also manages the
reverse tree. As soon as an address is assigned to a new MAC address
the PTR should change to a default value or be dynamically updated by
the new host.
It would be a strange world if I would not be able to get a PTR RR
because somebody else uses a stale forward mapping.
--Olaf
--------------------------------------------| Olaf M. Kolkman
| www.ripe.net/disi
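
The PTR-update check proposed in the quoted text, the stale-forward case raised against it, and the reset-on-reassignment behaviour described in the reply, as an added example that is not part of the original thread. The in-memory zone model, function names, host names and the address are all constructed for illustration.

```python
# Toy in-memory model (constructed data, hypothetical names) of the
# PTR-update validation discussed in this thread.
from dataclasses import dataclass, field

@dataclass
class Zones:
    forward: dict = field(default_factory=dict)  # FQDN -> address
    reverse: dict = field(default_factory=dict)  # address -> FQDN (PTR)

def update_ptr(z, addr, new_fqdn):
    """Proposed check: refuse to overwrite a PTR whose current target
    still has a forward record pointing back at the same address."""
    old = z.reverse.get(addr)
    if old is not None and old != new_fqdn and z.forward.get(old) == addr:
        return False  # old name still maps to addr: treated as PTR stealing
    z.reverse[addr] = new_fqdn
    return True

def reassign_address(z, addr, default_fqdn):
    """Reply's model: whoever manages the addresses also manages the
    reverse tree, so reassignment resets the PTR to a default value."""
    z.reverse[addr] = default_fqdn

def scenario():
    addr = "2001:db8::10"  # documentation prefix, constructed
    z, r = Zones(), {}

    # First holder registers forward and reverse records.
    z.forward["alice.example."] = addr
    r["alice_registers"] = update_ptr(z, addr, "alice.example.")

    # While the forward record is live, a third party cannot take the PTR.
    r["steal_refused"] = not update_ptr(z, addr, "mallory.example.")

    # First holder goes offnet without removing the forward record;
    # the address is handed to a new host, which is now locked out.
    z.forward["bob.example."] = addr
    r["new_holder_blocked"] = not update_ptr(z, addr, "bob.example.")

    # With the address manager resetting the PTR on reassignment,
    # the stale forward record no longer blocks the new holder.
    reassign_address(z, addr, "unassigned.example.")
    r["new_holder_after_reset"] = update_ptr(z, addr, "bob.example.")
    r["final_ptr"] = z.reverse[addr]
    return r
```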