[111974] in North American Network Operators' Group
Re: IPv6 Confusion
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Feb 17 19:42:36 2009
To: Mark Andrews <Mark_Andrews@isc.org>
In-Reply-To: Your message of "Wed, 18 Feb 2009 10:55:30 +1100."
<200902172355.n1HNtUGZ002737@drugs.dv.isc.org>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 17 Feb 2009 19:42:15 -0500
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1234917735_3892P
Content-Type: text/plain; charset=us-ascii
On Wed, 18 Feb 2009 10:55:30 +1100, Mark Andrews said:
> I solve it by give the machine a name. Adding a KEY record
> at that name to the DNS, the private part the machine knows.
I think the issue is that the machine in question may not know its own hostname
to start, much less that dnssec is in use, or that a private key is supposed to
be remembered on the machine. So there's a bit of a bootstrapping problem
there.
Of course, you can skip over that issue by letting the DHCP server do
the DNS updates as a proxy for the just-DHCP'ed machine, but that has
other issues...
(or just pre-populate the DNS with DHCP-2001-9A98-D247-{5more}.ISP.com and be
done with it like many places do for IPv4)
--==_Exmh_1234917735_3892P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFJm1lncC3lWbTT17ARAm8iAKCbx6hoYDgRqHMk5JyG0uKIt0Ki1ACgz7ij
z3amg/2yC8HtcnFbg03Bmw4=
=TqDw
-----END PGP SIGNATURE-----
--==_Exmh_1234917735_3892P--
