[Nanog] Re: IPv6 rDNS - how will it be done?

• Previous message (by thread): [Nanog] Re: IPv6 rDNS - how will it be done?
• Next message (by thread): [Nanog] Re: IPv6 rDNS - how will it be done?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 27, 2010 at 11:13 PM, David Conrad <drc at virtualized.org> wrote:

> On Apr 27, 2010, at 6:46 PM, John Levine wrote:
>
> > For spoof resistance, how about doing a forward lookup on the
> > purported name and only installing it if it gets a matching AAAA
> > record?
>
> Sounds like a reasonable DDNS filtering approach.
>
>
On controlled environments it might work. Don't know how larger ISPs would
set AAAA records before for bazillion possible combinations of
computer.subnet.customer.isp.tld.

If going dynamic, are you willing to lower your DNS TTL to handle that?

Maybe doing wildchar evatulation for /64 subnets? "Everything under this
subnet is my-subnet.customer.isp.tld".


> Regards,
> -drc
>
>
>
Kindly,
Felipe

• Previous message (by thread): [Nanog] Re: IPv6 rDNS - how will it be done?
• Next message (by thread): [Nanog] Re: IPv6 rDNS - how will it be done?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]