IPv6 and DNS
kauer at biplane.com.au
Sun Jun 12 23:56:59 UTC 2011
On Mon, 2011-06-13 at 01:44 +1000, Matthew Palmer wrote:
> And I *still* think it's a better idea for the client to be
> registering itself in DNS; the host knows what domain(s) it should be
> part of, and hence which names refer to itself and should be updated
> with it's new address.
Having tried that, we ended up doing it via DHCP (v4 at the time).
We only had probably 15-20K hosts trying to register their names, but
the results were sobering. At a rough estimate, one in a hundred was
properly configured. We saw obscenities, random strings, thousand-byte
names, empty names, invalid names, names with a hundred labels, "my name
is Andrew" - you name it, it came and tried to register itself.
And then there were the clients. Clients that tried as fast as they
could to register their name dozens of times per second, clients that
tried to register many names, clients that registered and then
immediately deregistered their names, clients that never deregistered
their names at all, clients that tried to register important names like
"www.ourdomain", clients that had completely broken protocol support...
Our logs were filling at thousands of lines per second.
So we moved the job to the DHCP server, and most of the problems went
away. The server got the desired name from the client, could check it
for some level of sanity and could register it properly. The server
could also deregister the names when the clients went away, or at least
at the end of the lease period. Most hosts *did* speak the DHCP protocol
adequately well. Instead of having to allow open slather, we could allow
just two hosts to make TSIG-protected updates. The logs became useful
So although YMMV, I can highly recommend letting your DHCP servers do
DDNS instead of letting the clients do it themselves. No doubt it
depends on a multitude of factors, not least being whether you actually
use DHCP, but in general, it worked a LOT better for us.
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part
More information about the NANOG