nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IPv6 Confusion

From: David Conrad <drc () virtualized org>
Date: Tue, 17 Feb 2009 15:20:39 -1000

On Feb 17, 2009, at 1:55 PM, Mark Andrews wrote:

(which was never fully
thought out -- how does a autoconfig'd device get a DNS name
associated with their address in a DNSSEC-signed world again?) and
letting network operators use DHCP with IPv6 the way they do with IPv4. 
        David you know as well as I do that DNSSEC is a orthognal
        issue here.


My understanding, which may well be wrong, is that:
- stateless auto-configuration assumes the client will update the address to name association once it has obtained the address. 
- In order to do this, the DNS server needs to support Dynamic DNS.
- If DNSSEC is in use, it requires the use of on-line signing keys.
- Security folks get unhappy when you mention on-line signing keys.

Solution?

- Don't have address to name associations
- Don't worry about (or accept lesser) security on address to name associations.
Of course the DNSSEC bit is sort of moot, as I suspect there aren't a whole lot of ISPs in a position to support dynamic updates from clients... 

Regards,
-drc
Previous By Date Next
Previous By Thread Next

Current thread: