[166250] in North American Network Operators' Group
Re: comcast ipv6 PTR
daemon@ATHENA.MIT.EDU (Bjørn Mork)
Tue Oct 15 10:58:49 2013
From: Bjørn Mork <bjorn@mork.no>
To: Mark Andrews <marka@isc.org>
Date: Tue, 15 Oct 2013 16:57:04 +0200
In-Reply-To: <20131015045441.5C356832A5E@rock.dv.isc.org> (Mark Andrews's
message of "Tue, 15 Oct 2013 15:54:40 +1100")
Cc: John Levine <johnl@iecc.com>, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Mark Andrews <marka@isc.org> writes:
> Actually you just need to *let* the hosts update their own ptr
> records using UPDATE.
>
> People keep saying the PTR records don't mean anything yet still
> demand really strong authentication for updates of PTR records.
> TCP is more than a strong enough authenticator to support update
> from self.
>
> You can even delegate the reverse zone when doing or just after a PD.
>
> * Accept NS/DNAME updates for the reverse prefix from any address
> in the delegated address range over TCP. This avoids having a
> temporarily lame delegation. named already has code to do this
> for /48's as I coded it to support 6to4.

This sounded like an excellent idea at first, but then I started
thinking: As a home user, would I really want to give anyone with
access to my network the right to change my reverse delegation?

I don't think so. I am not even sure I would want them all to be able
to update the PTR record for the addresses they use.

Bjørn
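
As an added illustration (not part of either message, and not named's code), a small Python model of the "update from self" rule discussed in this thread, where the TCP source address is the only credential. The prefix 2001:db8:1234:5600::/56, the host addresses and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample: a /56 handed out by prefix delegation (documentation range).
PD = "2001:db8:1234:5600::/56"

def reverse_name(addr):
    """ip6.arpa owner name for a single IPv6 address."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def prefix_apex(prefix):
    """ip6.arpa owner name of a nibble-aligned delegated prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix must fall on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def update_allowed(src, transport, owner, rrtype, delegated_prefix=PD):
    """Hypothetical policy check: who may change which reverse record."""
    if transport != "tcp":  # a UDP source address proves nothing
        return False
    owner = owner.lower()
    if rrtype == "PTR":
        # A host may only touch the PTR that maps to its own source address.
        return owner == reverse_name(src)
    if rrtype in ("NS", "DNAME"):
        # Any address inside the delegated range may set the delegation
        # at the apex of that range.
        in_range = ipaddress.IPv6Address(src) in ipaddress.IPv6Network(delegated_prefix)
        return in_range and owner == prefix_apex(delegated_prefix)
    return False

if __name__ == "__main__":
    router, guest = "2001:db8:1234:5600::1", "2001:db8:1234:56ff::beef"
    apex = prefix_apex(PD)
    print("router sets NS at apex:", update_allowed(router, "tcp", apex, "NS"))
    # The point raised in the reply: a guest device in the same /56
    # passes exactly the same check as the router.
    print("guest sets NS at apex: ", update_allowed(guest, "tcp", apex, "NS"))
    print("guest sets router PTR: ", update_allowed(guest, "tcp", reverse_name(router), "PTR"))
```
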