Re: [Nanog] Re: IPv6 rDNS - how will it be done?

[Jason 'XenoPhage' Frisvold <xenophage () godshell com>]

On Apr 27, 2010, at 9:00 PM, David Conrad wrote:
> Hmm. A macro expansion for a /48 would mean 1,208,925,819,614,629,174,706,176 leaves. An interesting stress test for 
> name servers... :-).

Um.. sure.  :)  Your computer can't handle that?

How about a programmatic expansion?  Only create the necessary record when asked for it.

> Slightly more seriously, there have been discussions in the past about doing dynamic synthesis of v6 reverses, but 
> that gets icky (particularly if you invoke the dreaded "DNSSEC" curse) and I don't know any production server that 
> actually does this now.  Dynamic DNS is probably the least offensive solution if you really want reverses for your v6 
> nodes.

DNSSEC does seem to throw the proverbial wrench in the works..  At least, from what I understand..  I'm still not sold 
on DNSSEC and that, partly, has to do with a lack of knowledge..

If you allow a client to set their own reverse, don't you run into issues where the client can spoof their identity?  
ie, set their reverse to whitehouse.gov or bankofamerica.com ?  Or is it possible to configure DDNS in such a way as to 
only allow subdomain names where the domain is tacked on automagically?

> Regards,
> -drc

---------------------------
Jason 'XenoPhage' Frisvold
xenophage () godshell com
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law