[125984] in North American Network Operators' Group
Re: [Nanog] Re: IPv6 rDNS - how will it be done?
daemon@ATHENA.MIT.EDU (Richard Barnes)
Tue Apr 27 21:30:12 2010
In-Reply-To: <07CAAF4D-E31E-4E8D-B7AD-5DFEE623F0AD@godshell.com>
Date: Tue, 27 Apr 2010 21:27:16 -0400
From: Richard Barnes <richard.barnes@gmail.com>
To: "Jason 'XenoPhage' Frisvold" <xenophage@godshell.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Presumably, if you've already got a script that's provisioning reverse
results, you could amend it to add name constraints. No idea if this
is possible with current DynDNS software, though.
--Richard
On Tue, Apr 27, 2010 at 9:10 PM, Jason 'XenoPhage' Frisvold
<xenophage@godshell.com> wrote:
> On Apr 27, 2010, at 9:00 PM, David Conrad wrote:
>> Hmm. A macro expansion for a /48 would mean 1,208,925,819,614,629,174,70=
6,176 leaves. An interesting stress test for name servers... :-).
>
> Um.. sure. =A0:) =A0Your computer can't handle that?
>
> How about a programmatic expansion? =A0Only create the necessary record w=
hen asked for it.
>
>> Slightly more seriously, there have been discussions in the past about d=
oing dynamic synthesis of v6 reverses, but that gets icky (particularly if =
you invoke the dreaded "DNSSEC" curse) and I don't know any production serv=
er that actually does this now. =A0Dynamic DNS is probably the least offens=
ive solution if you really want reverses for your v6 nodes.
>
> DNSSEC does seem to throw the proverbial wrench in the works.. =A0At leas=
t, from what I understand.. =A0I'm still not sold on DNSSEC and that, partl=
y, has to do with a lack of knowledge..
>
> If you allow a client to set their own reverse, don't you run into issues=
where the client can spoof their identity? =A0ie, set their reverse to whi=
tehouse.gov or bankofamerica.com ? =A0Or is it possible to configure DDNS i=
n such a way as to only allow subdomain names where the domain is tacked on=
automagically?
>
>> Regards,
>> -drc
>
> ---------------------------
> Jason 'XenoPhage' Frisvold
> xenophage@godshell.com
> ---------------------------
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law
>
>
>
>
>
