[Nanog] Re: IPv6 rDNS - how will it be done?

Mark Andrews marka at isc.org
Wed Apr 28 01:33:48 UTC 2010


In message <268EBCE2-9D47-488E-8223-29B5A6323CEB at godshell.com>, "Jason 'XenoPhage' Frisvold" writes:
> On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
> > Windows will just populate the reverse zone as needed, if you let
> > it, using dynamic update.  If you have properly deployed BCP 39
> > and have anti-spoofing ingress filtering then you can just let any
> > address from the /48 add/remove PTR records.  Other OS's will
> > follow suit.
> 
> Is DDNS really considered to be the end-all answer for this?

It works if you let it.

> It seems we're putting an awful lot of trust in the user when doing this.

What trust?  The OS just does it.  The user doesn't need to think about
this.

> I'd rather see some sort of macro expansion in bind/tinydns/etc that would
> allow a range of addresses to be added.

Macro expansion won't work.  1208925819614629174706176 PTR records is
a hell of a lot of records and that's just 1 /48.  :-)

> > Alternatively you can delegate the reverse for the /48 to servers
> > run by the customers.
> 
> This works for commercial customers, but I'm not sure I'd want to
> delegate this to a residential customer.

Some will be capable, others won't.  I would leave it as an option
but not the default.  Something that the account's control panel
can turn on and off.

I would however use a different set of servers for the /48's to
that of serving the /32 (or whatever) as you can just change the
delegation without having to also add and remove zones which you
would if they are on the same servers.
 
I would also provide customers with forward zones that they can
populate again using the /48 to control access.

e.g.
	<hex>.customer.isp.com.

	<hex> is the hexadecimal representation of the /48.

<machine>.<hex>.customer.isp.com. AAAA <hex>:<client>

They don't need to use it but it should be there to complete
the loop.

If HE was following this schema then bsdi would default to:

bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:ffff::5a1
bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:820:2e0:29ff:fe19:c02d

But as I care about the name of the machine it is:

bsdi.dv.isc.org.        AAAA    2001:470:1f00:ffff::5a1
bsdi.dv.isc.org.        AAAA    2001:470:1f00:820:2e0:29ff:fe19:c02d

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
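
The naming scheme and the per-/48 update rule described in the message above, worked through as an added example that is not part of the original post. The function names are hypothetical, `customer.isp.com.` is the placeholder suffix from the message, and the source-address check is only meaningful where BCP 39 ingress filtering is in place, as the message assumes.

```python
import ipaddress

ISP_SUFFIX = "customer.isp.com."  # placeholder suffix used in the post


def customer_prefix(addr: str) -> ipaddress.IPv6Network:
    """Return the /48 that contains addr (host bits are masked off)."""
    return ipaddress.ip_network(f"{addr}/48", strict=False)


def hex_label(net: ipaddress.IPv6Network) -> str:
    """The <hex> label: the 48 prefix bits as 12 zero-padded hex digits."""
    return f"{int(net.network_address) >> 80:012x}"


def forward_zone(net: ipaddress.IPv6Network, suffix: str = ISP_SUFFIX) -> str:
    """Per-customer forward zone, <hex>.customer.isp.com."""
    return f"{hex_label(net)}.{suffix}"


def reverse_zone(net: ipaddress.IPv6Network) -> str:
    """ip6.arpa zone for the /48: its 12 prefix nibbles, reversed."""
    labels = net.network_address.reverse_pointer.split(".")
    # 32 nibble labels + "ip6" + "arpa"; drop the 20 host-part nibbles.
    return ".".join(labels[20:]) + "."


def ptr_update_allowed(source: str, ptr_for: str,
                       net: ipaddress.IPv6Network) -> bool:
    """Policy from the post: any source address inside the /48 may
    add/remove PTR records for addresses inside that same /48.
    Trusting the source address presumes anti-spoofing filtering."""
    return (ipaddress.IPv6Address(source) in net
            and ipaddress.IPv6Address(ptr_for) in net)


def ptr_records_needed(net: ipaddress.IPv6Network) -> int:
    """How many PTR records pre-populating the whole prefix would take."""
    return net.num_addresses


if __name__ == "__main__":
    net = customer_prefix("2001:470:1f00:ffff::5a1")  # address from the post
    print(forward_zone(net, "customer.he.net."))
    print(reverse_zone(net))
    print(ptr_records_needed(net))
```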



