IPv6 and DNS

Steven Bellovin smb at cs.columbia.edu
Sun Jun 12 12:52:18 CDT 2011


On Jun 12, 2011, at 1:46 20PM, Jeff Kell wrote:

> On 6/12/2011 11:44 AM, Matthew Palmer wrote:
>> I don't believe we were talking about DHCPv6, we were talking about SLAAC.
>> And I *still* think it's a better idea for the client to be registering
>> itself in DNS; the host knows what domain(s) it should be part of, and hence
>> which names refer to itself and should be updated with its new address.
> 
> Register with "what/which" DNS?   If no DHCPv6 no DNS information has
> been acquired, so you're doing the magical anycast/multicast.
> 
> Not a fan of self-registration, in IPv4 we have DHCP register the DDNS
> update; after all, it just handed out an address for a zone/domain that
> *it* knows for certain. 
> 
> The host "knows what domains it should be part of" ??  Perhaps a server
> or a fixed desktop, but otherwise (unless you're a big fan of
> ActiveDirectory anywhere) the domain is relative to the environment you
> just inherited. 
> 
> Letting any host register itself in my domain from any address/location
> is scary as heck :) 
> 
Not any host -- hosts you authorize to register in your zone, and give
the proper authentication credentials.  I want my hosts to register in 
my domain, even if they're getting credentials from a random hotel or
hotspot DHCP server.

There are two different models here.  A DHCP server should have the sole
right to register in its affiliated DNS servers (including especially the
inverse map).  A host should have the right -- not necessarily the sole
right -- to register in a forward tree.


		--Steve Bellovin, https://www.cs.columbia.edu/~smb
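
Added example, not part of the original message: a sketch of the two registration models described above, written as the authorization check a DNS server could apply to a signed dynamic update. The zone names, key names and the `Update`/`authorize` helpers are constructed for illustration, and it assumes each authorized host holds a per-host key named after its own forward name.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed names: none of these come from the thread.
FORWARD_ZONE = "example.com."
REVERSE_ZONE = "8.b.d.0.1.0.0.2.ip6.arpa."
DHCP_KEY = "dhcp1.example.com."        # key held only by the DHCP server
HOST_KEYS = {"laptop.example.com."}    # per-host keys the zone owner issued

@dataclass(frozen=True)
class Update:
    key: str | None   # name of the key whose signature verified; None if unsigned
    owner: str        # owner name of the record being changed
    rtype: str

def norm(name: str) -> str:
    """Lower-case and fully qualify a name so comparisons are exact."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def in_zone(name: str, zone: str) -> bool:
    return name == zone or name.endswith("." + zone)

def authorize(u: Update) -> bool:
    """Decide on the authenticated key alone; the source address is never consulted."""
    if u.key is None:
        return False
    key, owner = norm(u.key), norm(u.owner)
    if in_zone(owner, REVERSE_ZONE):
        # Inverse map: the DHCP server's key has the sole right, PTR only.
        return key == DHCP_KEY and u.rtype == "PTR"
    if in_zone(owner, FORWARD_ZONE) and u.rtype in {"A", "AAAA"}:
        # Forward tree: an issued host key may change only the name it is
        # bound to. Also allowing the DHCP key here is this sketch's reading
        # of "not necessarily the sole right".
        return key == DHCP_KEY or (key in HOST_KEYS and key == owner)
    return False

if __name__ == "__main__":
    ptr = "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0." + REVERSE_ZONE
    for u in (Update("laptop.example.com.", "laptop.example.com.", "AAAA"),
              Update("laptop.example.com.", "www.example.com.", "AAAA"),
              Update("laptop.example.com.", ptr, "PTR"),
              Update(DHCP_KEY, ptr, "PTR")):
        print(u.key, u.owner, u.rtype, "->", authorize(u))
```
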








