nanog mailing list archives

RE: [Nanog] Re: IPv6 rDNS - how will it be done?


From: "Mark Scholten" <mark () streamservice nl>
Date: Wed, 28 Apr 2010 09:31:25 +0200



-----Original Message-----
From: David Conrad [mailto:drc () virtualized org]
Sent: Wednesday, April 28, 2010 3:01 AM
To: Jason 'XenoPhage' Frisvold
Cc: nanog () nanog org
Subject: Re: [Nanog] Re: IPv6 rDNS - how will it be done?

On Apr 27, 2010, at 5:47 PM, Jason 'XenoPhage' Frisvold wrote:
On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
Windows will just populate the reverse zone as needed, if you let
it, using dynamic update.  If you have properly deployed BCP 39
and have anti-spoofing ingress filtering then you can just let any
address from the /48 add/remove PTR records.  Other OS's will
follow suit.

Is DDNS really considered to be the end-all answer for this?

Seems it is that or not bothering with reverse anymore.

It seems we're putting an awful lot of trust in the user when doing
this..  I'd rather see some sort of macro expansion in bind/tinydns/etc
that would allow a range of addresses to be added.

Hmm. A macro expansion for a /48 would mean
1,208,925,819,614,629,174,706,176 leaves. An interesting stress test
for name servers... :-).

With Lua scripting and PowerDNS you could create a reverse DNS/forward DNS
based on the input and match it (IP or hostname). This could be really
dynamic and with using some cache it should also be fast. Checking what IPv6
address is in use and providing them a rDNS is also an option of course (but
I think that will consume more power/bandwidth/etc. in the long term).

Slightly more seriously, there have been discussions in the past about
doing dynamic synthesis of v6 reverses, but that gets icky
(particularly if you invoke the dreaded "DNSSEC" curse) and I don't
know any production server that actually does this now.  Dynamic DNS is
probably the least offensive solution if you really want reverses for
your v6 nodes.

As long as you don't use DNSSEC the option above is possible, but with
DNSSEC many options will fail I think. Completely dynamic based on the
request of a client isn't an option if you ask me (or do we want .local
addresses in the rDNS?).

Regards,
-drc
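
The stateless synthesis discussed in this thread, sketched as an added example that is not part of the original messages and is written in Python rather than as a PowerDNS Lua script: a PTR name is computed from the queried address and the matching AAAA is computed back from that name, so forward and reverse agree without storing any of the 2^80 records. The prefix `2001:db8:1234::/48`, the zone `dyn.example.net` and the `ip6-` label format are constructed for illustration; DNSSEC signing of the synthesized answers is not handled.

```python
import ipaddress

PREFIX = ipaddress.ip_network("2001:db8:1234::/48")  # constructed documentation prefix
ZONE = "dyn.example.net"                              # hypothetical forward zone
HOST_BITS = 128 - PREFIX.prefixlen                    # 80 bits below a /48
HEX = "0123456789abcdef"

def ptr_qname_to_addr(qname):
    """Parse a nibble-format ip6.arpa name; return None if it is malformed."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def synth_ptr(qname):
    """Answer a PTR query for any address inside PREFIX with no stored record."""
    addr = ptr_qname_to_addr(qname)
    if addr is None or addr not in PREFIX:
        return None  # refuse names outside the delegated /48
    host = format(int(addr) & ((1 << HOST_BITS) - 1), "020x")  # 20 nibbles
    return f"ip6-{host}.{ZONE}."

def synth_aaaa(name):
    """Answer the matching AAAA query so the forward lookup confirms the PTR."""
    name = name.lower().rstrip(".")
    suffix = "." + ZONE
    if not name.endswith(suffix):
        return None
    label = name[:-len(suffix)]
    if not label.startswith("ip6-") or len(label) != 24:
        return None
    hexpart = label[4:]
    if any(c not in HEX for c in hexpart):
        return None
    return ipaddress.IPv6Address(int(PREFIX.network_address) | int(hexpart, 16))

if __name__ == "__main__":
    q = ipaddress.ip_address("2001:db8:1234:5::1").reverse_pointer
    ptr = synth_ptr(q)
    print(q, "->", ptr, "->", synth_aaaa(ptr))
```
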




