[Nanog] Re: IPv6 rDNS - how will it be done?

David Conrad drc at virtualized.org
Wed Apr 28 01:26:27 UTC 2010


On Apr 27, 2010, at 6:10 PM, Jason 'XenoPhage' Frisvold wrote:
> How about a programmatic expansion?  Only create the necessary record when asked for it.

The downsides I know of (off the top of my head) with dynamic synthesis are (a) challenges if you want DNSSEC and (b) increased susceptibility to D(D)oS attack.  There are probably others.

At some point, one has to ask if the ability to map the address into a name is worth the effort...

> If you allow a client to set their own reverse, don't you run into issues where the client can spoof their identity?  i.e., set their reverse to whitehouse.gov or bankofamerica.com?

Yep, but those are boring examples.  I've seen (typically University computer science) networks with some truly fascinating (in scatological, religious and/or reproductive senses) reverse names.  Since anyone who relies on the reverse for anything other than a hint that the address might be part of a managed network deserves what they get, the names were good for a chuckle.

> Or is it possible to configure DDNS in such a way as to only allow subdomain names where the domain is tacked on automagically?

Most DDNS servers support some form of filtering.  However, the better way, at least in IPv4, is to have the DHCP server do the dynamic updates, not the client.  However, since some view DHCPv6 as Evil Pure and Simple by way of the Eighth Dimension(tm), this may not be an option.

Regards,
-drc
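
A forward-confirmed reverse DNS check, one way to treat a client-settable PTR name as no more than a hint, added here as an example that is not part of the original message. The PTR and AAAA tables are constructed sample data standing in for a resolver, and the names, the addresses and the fcrdns function are assumptions made for illustration.

```python
import ipaddress

def _rev(addr):
    """ip6.arpa owner name (nibble format, trailing dot) for an address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

# Constructed sample records (documentation prefix 2001:db8::/32), not real data.
PTR = {
    _rev("2001:db8::10"): "host10.dyn.example.net.",
    _rev("2001:db8::66"): "www.bank.example.",   # name chosen by the client itself
}
AAAA = {
    "host10.dyn.example.net.": {"2001:db8::10"},
    "www.bank.example.": {"2001:db8:ffff::1"},   # the name's owner points elsewhere
}

def fcrdns(addr, zone=None):
    """Return (verdict, ptr_name) for addr.

    no-ptr                 : no reverse record exists
    unconfirmed            : PTR exists, but the name does not resolve back to
                             addr, so the reverse name proves nothing
    confirmed-outside-zone : round trip succeeds, name is not under `zone`
    confirmed              : round trip succeeds (and name is under `zone`)
    """
    ip = ipaddress.ip_address(addr)
    name = PTR.get(ip.reverse_pointer + ".")
    if name is None:
        return ("no-ptr", None)
    name = name.lower()
    # Compare parsed addresses, not strings, so differently written
    # forms of the same IPv6 address still match.
    forward = {ipaddress.ip_address(a) for a in AAAA.get(name, ())}
    if ip not in forward:
        return ("unconfirmed", name)
    if zone and not name.endswith("." + zone.lower().strip(".") + "."):
        return ("confirmed-outside-zone", name)
    return ("confirmed", name)

if __name__ == "__main__":
    for a in ("2001:db8::10", "2001:0db8:0:0:0:0:0:66", "2001:db8::99"):
        print(a, fcrdns(a, zone="dyn.example.net"))
```
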




