That's great at creation time, but what about when Customer-A leaves ISP-A to go to ISP-B, but doesn't bring his host records along with him? ISP-A needs the ability to say "Attention $REGISTRAR, $HOSTNAME is no longer valid, as evidenced by the current lack of a PTR record. Please remove it". The lack of a PTR record covers the case where PTR and host-record may not match so someone impersonates ISP-A asking the host name be destroyed. The PTR record has to completely not exist.

Of course, this is a great idea, but can we actually get it implemented by the relevant agencies? ;-)

D

At 2:56 PM -0400 8/18/00, Phillip Vandry wrote:
Why not this?
Registrars only accept to create a glue record if there already exists a PTR entry for the requested address that points to the right name.
-Phil
I suspect that solving this correctly would depend on the ICANN DNSO recognising the authentication mechanisms of the databases of the RIRs under the ICANN ASO (RIPE, ARIN, APNIC).
Unfortunately, no-one thought of this problem when they let registrars inject host records. The only way to verify automatically that a host record is allowed from a given netblock is to use the same authentication mechanisms that (say) RIPE do for reverse delegations.
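
The two PTR-based checks proposed in this thread (create glue only when a matching PTR exists; honour a removal request only when no PTR exists at all), as an added example that is not code from any of the posters or from any registrar. The zone data, host names, and function names are constructed for illustration, and the lookup reads an in-memory table rather than querying live DNS.

```python
import ipaddress

# Constructed reverse-zone data: owner name -> PTR targets (documentation range).
PTR_ZONE = {
    "10.2.0.192.in-addr.arpa": ["ns1.customer-a.example."],
    "11.2.0.192.in-addr.arpa": ["dialup-11.isp-a.example."],
}

# Constructed registrar host (glue) records: host name -> address.
HOST_RECORDS = {
    "ns1.customer-a.example": "192.0.2.10",
    "ns2.customer-a.example": "192.0.2.11",
    "ns3.customer-a.example": "192.0.2.12",
}


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def lookup_ptr(address, zone=PTR_ZONE):
    """Return the normalised PTR targets for an address; [] means no PTR exists."""
    qname = ipaddress.ip_address(address).reverse_pointer
    return [_norm(target) for target in zone.get(qname, [])]


def may_create_glue(hostname, address, zone=PTR_ZONE):
    """Creation rule: a PTR for the address must already point at the host name."""
    return _norm(hostname) in lookup_ptr(address, zone)


def may_remove_host(hostname, hosts=HOST_RECORDS, zone=PTR_ZONE):
    """Removal rule: the PTR must be completely absent, not merely different.

    A PTR that exists but names another host is refused, so a mismatch alone
    cannot be used to get someone else's host record destroyed.
    """
    address = hosts.get(_norm(hostname))
    if address is None:
        return False  # no such host record to remove
    return lookup_ptr(address, zone) == []


if __name__ == "__main__":
    for host, addr in HOST_RECORDS.items():
        print(host, addr,
              "create:", may_create_glue(host, addr),
              "remove:", may_remove_host(host))
```
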