nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IPv6 Pain Experiment

From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Thu, 3 Oct 2019 14:27:28 +0900
Mark Andrews wrote:


Actually you can do exactly the same thing for glue.  KEY records
below bottom of zone cut exactly the same way as you have A and AAAA
below bottom of zone cut.  The only difference is the zone listed in
the UPDATE message.


The tricky part is in converting a domain name of a
primary nameserver to IP addresses,  when the IP
addresses of the primary nameserver changes.

If the primary nameserver ask DNS its IP address
to send an update request to itself, it will get
old addresses.

What if primary.childzone.parentzone.example.com
is the primary for parentzone.example.com,
and childzone.parentzone.example.com?

Another problem is lack of redundancy that, when the
primary server is down, dynamic update is impossible.

> Now is that a “complicated” policy?

My point is that configuring lengthy random string of
security key is more painful than configuring addresses.

                                                Masataka Ohta
Previous By Date Next
Previous By Thread Next

Current thread: