[125983] in North American Network Operators' Group
Re: [Nanog] Re: IPv6 rDNS - how will it be done?
daemon@ATHENA.MIT.EDU (David Conrad)
Tue Apr 27 21:27:50 2010
From: David Conrad <drc@virtualized.org>
In-Reply-To: <07CAAF4D-E31E-4E8D-B7AD-5DFEE623F0AD@godshell.com>
Date: Tue, 27 Apr 2010 18:26:27 -0700
To: Jason 'XenoPhage' Frisvold <xenophage@godshell.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 27, 2010, at 6:10 PM, Jason 'XenoPhage' Frisvold wrote:
> How about a programmatic expansion? Only create the necessary record when asked for it.
The downsides I know of (off the top of my head) with dynamic synthesis are (a) challenges if you want DNSSEC and (b) increased susceptibility to D(D)oS attack. There are probably others.
At some point, one has to ask if the ability to map the address into a name is worth the effort...
> If you allow a client to set their own reverse, don't you run into issues where the client can spoof their identity? i.e., set their reverse to whitehouse.gov or bankofamerica.com?
Yep, but those are boring examples. I've seen (typically University computer science) networks with some truly fascinating (in scatological, religious and/or reproductive senses) reverse names. Since anyone who relies on the reverse for anything other than a hint that the address might be part of a managed network deserves what they get, the names were good for a chuckle.
> Or is it possible to configure DDNS in such a way as to only allow subdomain names where the domain is tacked on automagically?
Most DDNS servers support some form of filtering. However, the better way, at least in IPv4, is to have the DHCP server do the dynamic updates, not the client. However, since some view DHCPv6 as Evil Pure and Simple by way of the Eighth Dimension(tm), this may not be an option.
Regards,
-drc
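
A sketch of the on-demand synthesis discussed in this thread, added here as an example and not code from either poster: the server derives the PTR target from the queried ip6.arpa name with a fixed zone suffix, answers the matching AAAA, and a consumer checks that forward and reverse agree before treating the name as more than a hint. The prefix `2001:db8:1::/48`, the zone `dyn.example.net.`, the `ip-` naming scheme and all function names are assumptions; the default resolver in `forward_confirmed` is a local stand-in for a real AAAA lookup.

```python
import ipaddress

# Assumptions for illustration only: a documentation prefix, a hypothetical
# zone, and an "ip-<exploded address>" naming scheme.
PREFIX = ipaddress.ip_network("2001:db8:1::/48")
ZONE = "dyn.example.net."

def qname_to_addr(qname):
    """Parse a nibble-format ip6.arpa name; None if malformed."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def host_label(addr):
    """Canonical host label for an address under the assumed naming scheme."""
    return "ip-" + addr.exploded.replace(":", "-")

def synthesize_ptr(qname):
    """Build the PTR target on demand; the server, not the client, picks it."""
    addr = qname_to_addr(qname)
    if addr is None or addr not in PREFIX:
        return None  # outside the served prefix: nothing is synthesized
    return host_label(addr) + "." + ZONE

def synthesize_aaaa(name):
    """Answer the matching forward query so forward and reverse agree."""
    name = name.lower()
    if not name.startswith("ip-") or not name.endswith("." + ZONE):
        return None
    label = name[: -len("." + ZONE)]
    try:
        addr = ipaddress.IPv6Address(label[3:].replace("-", ":"))
    except ValueError:
        return None
    # Accept only the canonical label, and only inside the served prefix.
    return addr if addr in PREFIX and host_label(addr) == label else None

def forward_confirmed(addr, ptr_name, resolve_aaaa=synthesize_aaaa):
    """Treat a reverse name as more than a hint only if forward matches."""
    return ptr_name is not None and resolve_aaaa(ptr_name) == addr
```

Because both answers are computed from the query, no per-address records are stored; the DNSSEC and load concerns raised above still apply to a server built this way.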