[Nanog] Re: IPv6 rDNS - how will it be done?
Mark Andrews
marka at isc.org
Wed Apr 28 01:33:48 UTC 2010
In message <268EBCE2-9D47-488E-8223-29B5A6323CEB at godshell.com>, "Jason 'XenoPhage' Frisvold" writes:
> On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
> > Windows will just populate the reverse zone as needed, if you let
> > it, using dynamic update. If you have properly deployed BCP 39
> > and have anti-spoofing ingress filtering then you can just let any
> > address from the /48 add/remove PTR records. Other OS's will
> > follow suit.
>
> Is DDNS really considered to be the end-all answer for this?

It works if you let it.

> It seems we're putting an awful lot of trust in the user when doing
> this.

What trust? The OS just does it. The user doesn't need to think about
this.

> I'd rather see some sort of macro expansion in bind/tinydns/etc that
> would allow a range of addresses to be added.

Macro expansion won't work. 1208925819614629174706176 PTR records is
a hell of a lot of records and that's just 1 /48. :-)

> > Alternatively you can delegate the reverse for the /48 to servers
> > run by the customers.
>
> This works for commercial customers, but I'm not sure I'd want to
> delegate this to a residential customer.

Some will be capable, others won't. I would leave it as an option
but not the default. Something that the account's control panel
can turn on and off.

I would however use a different set of servers for the /48's to
that of serving the /32 (or whatever) as you can just change the
delegation without having to also add and remove zones which you
would if they are on the same servers.

I would also provide customers with forward zones that they can
populate, again using the /48 to control access.

e.g.
	<hex>.customer.isp.com.

<hex> is the hexadecimal representation of the /48.

	<machine>.<hex>.customer.isp.com. AAAA <hex>:<client>

They don't need to use it but it should be there to complete
the loop.

If HE was following this schema then bsdi would default to:
bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:ffff::5a1
bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:820:2e0:29ff:fe19:c02d
But as I care about the name of the machine it is:
bsdi.dv.isc.org. AAAA 2001:470:1f00:ffff::5a1
bsdi.dv.isc.org. AAAA 2001:470:1f00:820:2e0:29ff:fe19:c02d
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
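
Added example (not part of the original message, and not ISC or BIND code): a Python sketch of the naming scheme described above. It derives the <hex> label, the ip6.arpa zone for the /48 and a PTR owner name, and checks that a client's source address lies inside the /48 whose reverse zone it is updating. The function names and the update_allowed policy are assumptions made for illustration; 2001:db8:1::1 is a constructed documentation address.

```python
import ipaddress


def customer_prefix(addr):
    """Return the /48 network that contains addr."""
    return ipaddress.ip_network(f"{addr}/48", strict=False)


def hex_label(prefix):
    """<hex> label: the 12 hex digits of the /48, zero-padded."""
    return prefix.network_address.exploded.replace(":", "")[:12]


def reverse_zone(prefix):
    """ip6.arpa zone for the /48: its 12 nibbles in reverse order."""
    return ".".join(reversed(hex_label(prefix))) + ".ip6.arpa."


def ptr_owner(addr):
    """Fully qualified PTR owner name for a single address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def forward_name(machine, prefix, base="customer.isp.com."):
    """<machine>.<hex>.<base>, following the scheme in the message."""
    return f"{machine}.{hex_label(prefix)}.{base}"


def update_allowed(source, owner):
    """Hypothetical policy: a source address may add or remove a PTR only
    for a full 32-nibble name inside its own /48. The source address is
    only meaningful if anti-spoofing ingress filtering is in place."""
    zone = reverse_zone(customer_prefix(source))
    labels = owner.lower().rstrip(".").split(".")
    return len(labels) == 34 and owner.lower().endswith("." + zone)


if __name__ == "__main__":
    addr = "2001:470:1f00:ffff::5a1"           # address from the message
    prefix = customer_prefix(addr)
    print(prefix.num_addresses)                 # PTR records needed per /48
    print(reverse_zone(prefix))
    print(forward_name("bsdi", prefix, "customer.he.net."))
    print(update_allowed(addr, ptr_owner(addr)))
    # Constructed source address in a different /48:
    print(update_allowed("2001:db8:1::1", ptr_owner(addr)))
```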