nanog mailing list archives

Re: [Nanog] Re: IPv6 rDNS - how will it be done?


From: David Conrad <drc () virtualized org>
Date: Tue, 27 Apr 2010 18:26:27 -0700

On Apr 27, 2010, at 6:10 PM, Jason 'XenoPhage' Frisvold wrote:
> How about a programmatic expansion?  Only create the necessary record when asked for it.

The downsides I know of (off the top of my head) with dynamic synthesis are (a) challenges if you want DNSSEC and (b) 
increased susceptibility to D(D)oS attack.  There are probably others.

At some point, one has to ask if the ability to map the address into a name is worth the effort...

> If you allow a client to set their own reverse, don't you run into issues where the client can spoof their identity?
> i.e., set their reverse to whitehouse.gov or bankofamerica.com?

Yep, but those are boring examples.  I've seen (typically University computer science) networks with some truly 
fascinating (in scatological, religious and/or reproductive senses) reverse names.  Since anyone who relies on the 
reverse for anything other than a hint that the address might be part of a managed network deserves what they get, the 
names were good for a chuckle.

> Or is it possible to configure DDNS in such a way as to only allow subdomain names where the domain is tacked on
> automagically?

Most DDNS servers support some form of filtering.  However, the better way, at least in IPv4, is to have the DHCP 
server do the dynamic updates, not the client.  However, since some view DHCPv6 as Evil Pure and Simple by way of the 
Eighth Dimension(tm), this may not be an option.

Regards,
-drc
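
The "programmatic expansion" idea quoted in this message, sketched as an added example that is not part of the original post or any poster's code: a PTR answer is computed from the queried ip6.arpa name only when asked, the name is derived from the address so a client cannot choose it, and the matching AAAA is synthesized so the reverse is forward-confirmed. The prefix `2001:db8:1234::/48`, the zone `dyn.example.net.` and all function names are assumptions for illustration.

```python
import ipaddress

# Assumed values for illustration: a documentation prefix and a made-up zone.
PREFIX = ipaddress.ip_network("2001:db8:1234::/48")
FORWARD_ZONE = "dyn.example.net."


def addr_from_ip6_arpa(qname):
    """Parse a full 32-nibble ip6.arpa name into an IPv6Address, or return None."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        return None
    # Nibbles are least-significant first in the reverse tree.
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))


def synthesize_ptr(qname):
    """Return the PTR target for qname, or None (NXDOMAIN) if out of scope."""
    addr = addr_from_ip6_arpa(qname)
    if addr is None or addr not in PREFIX:
        return None
    # The name is derived from the address only, so clients cannot choose it.
    return addr.exploded.replace(":", "-") + "." + FORWARD_ZONE


def synthesize_aaaa(qname):
    """Answer the matching forward query so the PTR is forward-confirmed."""
    name = qname.lower()
    if not name.endswith("." + FORWARD_ZONE):
        return None
    label = name[: -len(FORWARD_ZONE) - 1]
    try:
        addr = ipaddress.IPv6Address(label.replace("-", ":"))
    except ValueError:
        return None
    # Only the canonical exploded form is accepted, so each address has one name.
    if addr not in PREFIX or addr.exploded.replace(":", "-") != label:
        return None
    return str(addr)
```

As the message notes, answers generated this way complicate DNSSEC, since they cannot be signed ahead of time.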


