IPv6 automatic reverse DNS

Woodworth, John R John.Woodworth at CenturyLink.com
Tue Nov 1 05:11:48 UTC 2016


> Hi John,
>
> Thanks for the info and background.
>
> One operational suggestion I have is … why link synthesis rules to a
> specific DNS zone?
>
> Most larger operators of auth DNS use an IP management tool, like BT
> Diamond IPAM, BlueCat, or Infoblox. Oftentimes, allocations of IP space
> will not be on classful boundaries, yet most often reverse DNS zones
> are on classful boundaries.
>
> What may be more operationally useful would be an (optional) feature
> in auth DNS software that would process an incoming PTR request as
> follows:
>
> 1. Answer the PTR with an entry in the corresponding ip6.arpa
>    or in-addr.arpa zone file if the PTR exists
> 2. Otherwise, examine a rule set of synthetic PTR responses and
>    answer by the rule set (e.g. 10.0.0.128 matches rule for
>    "10.0.0.128/27" and returns PTR of 10-0-0-128.dhcp.example.com.)
> 3. Otherwise, return NXDOMAIN or NOANSWER/NOERROR as appropriate
>
> Such a ruleset could apply to forward zones as well to create the
> matching forward lookup.
> Just my two cents!  Caveat: personal opinion and not the official
> position of Charter.

Andrew,

Excellent question.  Out of necessity we have an in-house federated
solution for DNS/DHCP/IP/etc. which solves part of the problem.
However, not all data can be managed this way; some more tech-savvy
customers expect to manage their own data and transfer it directly
to our nameservers for the higher availability, lower latency,
tighter security, etc.  This then becomes a shared burden at the
zone level where, from our perspective, the intent should be easily
transferable.  I suspect if/when the draft is adopted, other IP
management tools may offer the capability of automatically
generating the associated "BULK" resource records for the various
DNS zones allowing for better interoperability (i.e. "transferability").

One of the draft's features I am most proud of is the concept of
superimposed records.  This can scale to really huge levels where
for example: the RIR could provide patterns for all unclaimed records
under "10.in-addr.arpa." which could be overridden by more specific
patterns for records under "255.0.10.in-addr.arpa."  The DNS ownership
now follows the intent of the expected DNS zone owner.  If one
follows this logic through the IPv6 tree, this concept of ownership
becomes even more pronounced.

I guess in short, the answer is to maintain the concept of zone
ownership :)


Thanks,
John Woodworth

> Andrew
>
>
> Andrew White
> Charter Network Operations - DAS DNS
> Desk: 314-394-9594 - Cell: 314-452-4386
> andrew.white2 at charter.com
>
