[125994] in North American Network Operators' Group

Re: [Nanog] Re: IPv6 rDNS - how will it be done?

daemon@ATHENA.MIT.EDU (David Conrad)
Tue Apr 27 22:16:11 2010

From: David Conrad <drc@virtualized.org>
In-Reply-To: <20100428014657.91479.qmail@joyce.lan>
Date: Tue, 27 Apr 2010 19:13:47 -0700
To: John Levine <johnl@iecc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Apr 27, 2010, at 6:46 PM, John Levine wrote:

>> Hmm. A macro expansion for a /48 would mean
>> 1,208,925,819,614,629,174,706,176 leaves. An interesting stress test
>> for name servers... :-).
> My inclination would be to use a wildcard that returns something like
> not-in-service.some-network.net, and let the clients add records for
> the addresses they use.

While better than 1 septillion zone entries, you still have the problem
of how to let the clients add the records.  DDNS is one approach.
Manual intervention (e.g., as part of a customer provisioning system) is
another as long as you don't use privacy extensions.

> For spoof resistance, how about doing a forward lookup on the
> purported name and only installing it if it gets a matching AAAA
> record?

Sounds like a reasonable DDNS filtering approach.

Regards,
-drc
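
The forward-confirmation filter discussed in this message, as an added example that is not code from the thread or from any DDNS server. The `lookup_aaaa` resolver hook, the delegated-prefix check and the sample zone are assumptions; the zone data is constructed and uses the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def ptr_owner_name(addr):
    """ip6.arpa owner name (32 reversed nibbles) for an IPv6 address."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def accept_ptr_update(addr, claimed_name, delegated_prefix, lookup_aaaa):
    """Decide whether a client-requested PTR (addr -> claimed_name) may be installed.

    lookup_aaaa(name) is a hypothetical resolver hook returning AAAA strings,
    raising LookupError on NXDOMAIN or timeout. Returns (accepted, reason).
    """
    try:
        ip = ipaddress.IPv6Address(addr)
    except ValueError:
        return False, "not an IPv6 address"
    # Assumption: the client may only set PTRs inside its own delegated prefix.
    if ip not in ipaddress.IPv6Network(delegated_prefix):
        return False, "address outside client's prefix"
    name = claimed_name.rstrip(".").lower()
    if not name:
        return False, "empty name"
    try:
        answers = list(lookup_aaaa(name))
    except LookupError:
        return False, "forward lookup failed"
    # Compare parsed addresses so that textual form (zero compression,
    # letter case) cannot cause a false match or a false miss.
    for answer in answers:
        try:
            if ipaddress.IPv6Address(answer) == ip:
                return True, "forward-confirmed"
        except ValueError:
            continue
    return False, "no matching AAAA"

# Constructed forward zone data for the demonstration.
FORWARD = {
    "host1.customer.example": ["2001:0DB8:1234:0:0:0:0:25"],
    "www.bank.example": ["2001:db8:ffff::1"],
}

def lookup(name):
    if name not in FORWARD:
        raise LookupError(name)
    return FORWARD[name]

if __name__ == "__main__":
    for name in ("host1.customer.example.", "www.bank.example", "nope.example"):
        print(name, accept_ptr_update("2001:db8:1234::25", name,
                                      "2001:db8:1234::/48", lookup))
```

A name is installed only when its owner already publishes an AAAA record for the requesting address, so a client cannot claim a reverse name in someone else's forward zone.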