nanog mailing list archives

Re: [Nanog] Re: IPv6 rDNS - how will it be done?


From: David Conrad <drc () virtualized org>
Date: Tue, 27 Apr 2010 19:13:47 -0700

On Apr 27, 2010, at 6:46 PM, John Levine wrote:

Hmm. A macro expansion for a /48 would mean
1,208,925,819,614,629,174,706,176 leaves. An interesting stress test
for name servers... :-).
My inclination would be to use a wildcard that returns something like
not-in-service.some-network.net, and let the clients add records for
the addresses they use.

While better than 1 septillion zone entries, you still have the problem of how to let the clients add the records. DDNS is one approach. Manual intervention (e.g., as part of a customer provisioning system) is another as long as you don't use privacy extensions.

For spoof resistance, how about doing a forward lookup on the
purported name and only installing it if it gets a matching AAAA
record?

Sounds like a reasonable DDNS filtering approach.

Regards,
-drc
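
The forward-lookup filter discussed in this message, sketched as an added example (not code from the thread or from either participant): a PTR update is accepted only if the purported name has an AAAA record matching the client's address. The function names, the extra delegated-prefix check, the 2001:db8:1234::/48 prefix and the sample forward data are assumptions constructed for illustration.

```python
import ipaddress
import socket


def aaaa_lookup(name):
    """Forward resolver: the set of IPv6 addresses the system resolver returns for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET6)
    except socket.gaierror:
        return set()
    # Strip any %scope suffix before parsing.
    return {ipaddress.IPv6Address(i[4][0].split("%")[0]) for i in infos}


def vet_ptr_update(client_addr, purported_name, delegated_prefix, resolve=aaaa_lookup):
    """Return (owner, target) of the PTR record to install, or None to reject."""
    addr = ipaddress.IPv6Address(client_addr)
    # Assumption beyond the thread: the client may only name addresses in its own prefix.
    if addr not in ipaddress.IPv6Network(delegated_prefix):
        return None
    name = purported_name.rstrip(".").lower()
    if not name or len(name) > 253:
        return None
    # The filter from the thread: install only if the name has a matching AAAA.
    if addr not in resolve(name):
        return None
    return addr.reverse_pointer + ".", name + "."


# Constructed forward data standing in for real AAAA lookups (runs offline).
SAMPLE_AAAA = {
    "host1.customer.example": {ipaddress.IPv6Address("2001:db8:1234::10")},
    "www.bank.example": {ipaddress.IPv6Address("2001:db8:ffff::1")},
}


def sample_resolve(name):
    return SAMPLE_AAAA.get(name, set())


if __name__ == "__main__":
    prefix = "2001:db8:1234::/48"
    for addr, name in [
        ("2001:db8:1234::10", "host1.customer.example."),  # matches: install
        ("2001:db8:1234::10", "www.bank.example."),  # name points elsewhere: reject
        ("2001:db8:1234::11", "no-such-host.customer.example."),  # no AAAA: reject
    ]:
        print(addr, name, "->", vet_ptr_update(addr, name, prefix, sample_resolve))
```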


