[141845] in North American Network Operators' Group
Re: IPv6 and DNS
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Sun Jun 12 13:53:58 2011
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <4DF4FB6C.7000304@utc.edu>
Date: Sun, 12 Jun 2011 13:52:18 -0400
To: Jeff Kell <jeff-kell@utc.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 12, 2011, at 1:46 20PM, Jeff Kell wrote:
> On 6/12/2011 11:44 AM, Matthew Palmer wrote:
>> I don't believe we were talking about DHCPv6, we were talking about SLAAC.
>> And I *still* think it's a better idea for the client to be registering
>> itself in DNS; the host knows what domain(s) it should be part of, and hence
>> which names refer to itself and should be updated with its new address.
>
> Register with "what/which" DNS? If no DHCPv6 no DNS information has
> been acquired, so you're doing the magical anycast/multicast.
>
> Not a fan of self-registration, in IPv4 we have DHCP register the DDNS
> update; after all, it just handed out an address for a zone/domain that
> *it* knows for certain.
>
> The host "knows what domains it should be part of" ?? Perhaps a server
> or a fixed desktop, but otherwise (unless you're a big fan of
> ActiveDirectory anywhere) the domain is relative to the environment you
> just inherited.
>
> Letting any host register itself in my domain from any address/location
> is scary as heck :)
>
Not any host -- hosts you authorize to register in your zone, and give
the proper authentication credentials. I want my hosts to register in
my domain, even if they're getting credentials from a random hotel or
hotspot DHCP server.

There are two different models here. A DHCP server should have the sole
right to register in its affiliated DNS servers (including especially the
inverse map). A host should have the right -- not necessarily the sole
right -- to register in a forward tree.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
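
The two models in the message above, sketched as an added example that is not part of the original post: a simplified authorization check for dynamic DNS updates. The key names, zones and secrets are constructed, the HMAC only stands in for a real TSIG signature, and letting the DHCP server also write forward records is an assumed reading of "not necessarily the sole right".

```python
import hashlib
import hmac

# Constructed sample keys and zones (assumptions, not from the thread).
KEYS = {
    "laptop1.example.com.": b"constructed-host-secret",
    "dhcp1.example.com.": b"constructed-dhcp-secret",
}
FORWARD_ZONE = "example.com."
REVERSE_ZONE = "8.b.d.0.1.0.0.2.ip6.arpa."
DHCP_KEY = "dhcp1.example.com."


def sign(key_name, secret, owner, rtype, rdata):
    """MAC over the update fields; a stand-in for a TSIG signature."""
    msg = "|".join((key_name, owner, rtype, rdata)).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def authorize(key_name, mac, owner, rtype, rdata):
    """Return (allowed, reason). The client's source address is deliberately
    not an input: a host is authorized by its key, not by where it is."""
    secret = KEYS.get(key_name)
    if secret is None:
        return False, "unknown key"
    expected = sign(key_name, secret, owner, rtype, rdata)
    if not hmac.compare_digest(expected, mac):
        return False, "bad signature"
    owner = owner.lower()
    if owner.endswith("." + REVERSE_ZONE):
        # Inverse map: only the DHCP server that handed out the address.
        if key_name == DHCP_KEY and rtype == "PTR":
            return True, "dhcp server owns reverse map"
        return False, "reverse map is reserved for the dhcp server"
    if owner.endswith("." + FORWARD_ZONE):
        # Forward tree: a host may register only the name matching its key;
        # the DHCP server may register any host (non-exclusive right).
        if rtype not in ("A", "AAAA"):
            return False, "record type not permitted"
        if key_name == DHCP_KEY or owner == key_name:
            return True, "authorized for this name"
        return False, "key does not match name"
    return False, "name outside managed zones"
```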