[125979] in North American Network Operators' Group
Re: [Nanog] Re: IPv6 rDNS - how will it be done?
daemon@ATHENA.MIT.EDU (David Conrad)
Tue Apr 27 21:02:09 2010
From: David Conrad <drc@virtualized.org>
In-Reply-To: <268EBCE2-9D47-488E-8223-29B5A6323CEB@godshell.com>
Date: Tue, 27 Apr 2010 18:00:59 -0700
To: Jason 'XenoPhage' Frisvold <xenophage@godshell.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 27, 2010, at 5:47 PM, Jason 'XenoPhage' Frisvold wrote:
> On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
>> Windows will just populate the reverse zone as needed, if you let
>> it, using dynamic update. If you have properly deployed BCP 39
>> and have anti-spoofing ingres filtering then you can just let any
>> address from the /48 add/remove PTR records. Other OS's will
>> follow suite.
>=20
> Is DDNS really considered to be the end-all answer for this?
Seems it is that or not bothering with reverse anymore.
> It seems we're putting an awful lot of trust in the user when doing =
this.. I'd rather see some sort of macro expansion in bind/tinydns/etc =
that would allow a range of addresses to be added.
Hmm. A macro expansion for a /48 would mean =
1,208,925,819,614,629,174,706,176 leaves. An interesting stress test for =
name servers... :-).
Slightly more seriously, there have been discussions in the past about =
doing dynamic synthesis of v6 reverses, but that gets icky (particularly =
if you invoke the dreaded "DNSSEC" curse) and I don't know any =
production server that actually does this now. Dynamic DNS is probably =
the least offensive solution if you really want reverses for your v6 =
nodes.
Regards,
-drc
