nanog mailing list archives

Re: [Nanog] Re: IPv6 rDNS - how will it be done?


From: Mark Andrews <marka () isc org>
Date: Wed, 28 Apr 2010 11:33:48 +1000


In message <268EBCE2-9D47-488E-8223-29B5A6323CEB () godshell com>, "Jason 'XenoPhage' Frisvold" writes:
> On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
>> Windows will just populate the reverse zone as needed, if you let
>> it, using dynamic update.  If you have properly deployed BCP 39
>> and have anti-spoofing ingress filtering then you can just let any
>> address from the /48 add/remove PTR records.  Other OS's will
>> follow suit.
>
> Is DDNS really considered to be the end-all answer for this?

It works if you let it.

> It seems we're putting an awful lot of trust in the user when doing this.

What trust?  The OS just does it.  The user doesn't need to think about
this.

> I'd rather see some sort of macro expansion in bind/tinydns/etc that would
> allow a range of addresses to be added.

Macro expansion won't work.  1208925819614629174706176 PTR records is
a hell of a lot of records and that's just 1 /48.  :-)

>> Alternatively you can delegate the reverse for the /48 to servers
>> run by the customers.
>
> This works for commercial customers, but I'm not sure I'd want to
> delegate this to a residential customer.

Some will be capable, others won't.  I would leave it as an option
but not the default.  Something that the account's control panel
can turn on and off.

I would however use a different set of servers for the /48's to
that of serving the /32 (or whatever) as you can just change the
delegation without having to also add and remove zones which you
would if they are on the same servers.
 
I would also provide customers with forward zones that they can
populate again using the /48 to control access.

e.g.
        <hex>.customer.isp.com.

        <hex> is the hexadecimal representation of the /48.

<machine>.<hex>.customer.isp.com. AAAA <hex>:<client>

They don't need to use it but it should be there to complete
the loop.

If HE was following this schema then bsdi would default to:

bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:ffff::5a1
bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:820:2e0:29ff:fe19:c02d

But as I care about the name of the machine it is:

bsdi.dv.isc.org.        AAAA    2001:470:1f00:ffff::5a1
bsdi.dv.isc.org.        AAAA    2001:470:1f00:820:2e0:29ff:fe19:c02d

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org
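
Added example, not part of the original message and not ISC code: a Python sketch of the naming scheme described above. It derives the `<hex>` forward zone and the ip6.arpa zone from an address's /48 and accepts an update only when the owner name lies in the zones of the source's own /48. The function names and the policy check are assumptions, and the source-address test only means something behind the anti-spoofing ingress filtering the message relies on.

```python
import ipaddress

def customer_prefix(addr, plen=48):
    """Covering customer prefix (default /48) for an IPv6 address."""
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def nibbles(prefix):
    """Hex digits of the prefix, e.g. '200104701f00' for 2001:470:1f00::/48."""
    if prefix.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    return prefix.network_address.exploded.replace(":", "")[: prefix.prefixlen // 4]

def forward_zone(prefix, parent="customer.isp.com."):
    """<hex>.customer.isp.com. as laid out in the message."""
    return f"{nibbles(prefix)}.{parent}"

def reverse_zone(prefix):
    """ip6.arpa zone that would be served or delegated for the prefix."""
    return ".".join(reversed(nibbles(prefix))) + ".ip6.arpa."

def ptr_name(addr):
    """Fully qualified PTR owner name for a single address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def update_allowed(source, owner_name, parent="customer.isp.com."):
    """Hypothetical policy: the owner name must sit inside the forward or
    reverse zone derived from the update source's own /48."""
    prefix = customer_prefix(source)
    owner = owner_name.lower().rstrip(".") + "."
    zones = (forward_zone(prefix, parent), reverse_zone(prefix))
    return any(owner == z or owner.endswith("." + z) for z in zones)

if __name__ == "__main__":
    src = "2001:470:1f00:820:2e0:29ff:fe19:c02d"   # address from the message
    p = customer_prefix(src)
    print(forward_zone(p, "customer.he.net."))
    print(reverse_zone(p))
    print(p.num_addresses, "possible PTR records in this /48")
    print(update_allowed(src, ptr_name("2001:470:1f00:ffff::5a1"), "customer.he.net."))
    # 2001:470:1f01::1 is a constructed address in a neighbouring /48
    print(update_allowed("2001:470:1f01::1", ptr_name(src), "customer.he.net."))
```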

