In message <268EBCE2-9D47-488E-8223-29B5A6323CEB@godshell.com>, "Jason 'XenoPhage' Frisvold" writes:
On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
Windows will just populate the reverse zone as needed, if you let it, using dynamic update. If you have properly deployed BCP 39 and have anti-spoofing ingress filtering then you can just let any address from the /48 add/remove PTR records. Other OS's will follow suit.
Is DDNS really considered to be the end-all answer for this?
It works if you let it.
It seems we're putting an awful lot of trust in the user when doing this.
What trust? The OS just does it. The user doesn't need to think about this.
I'd rather see some sort of macro expansion in bind/tinydns/etc that would allow a range of addresses to be added.
Macro expansion won't work. 1208925819614629174706176 PTR records is a hell of a lot of records and that's just 1 /48. :-)
Alternatively you can delegate the reverse for the /48 to servers run by the customers.
This works for commercial customers, but I'm not sure I'd want to delegate this to a residential customer.
Some will be capable, others won't. I would leave it as an option but not the default. Something that the account's control panel can turn on and off.

I would however use a different set of servers for the /48's to that of serving the /32 (or whatever) as you can just change the delegation without having to also add and remove zones which you would if they are on the same servers.

I would also provide customers with forward zones that they can populate again using the /48 to control access.

e.g.
    <hex>.customer.isp.com.

    <hex> is the hexadecimal representation of the /48.

    <machine>.<hex>.customer.isp.com. AAAA <hex>:<client>

They don't need to use it but it should be there to complete the loop.

If HE was following this schema then bsdi would default to:

    bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:ffff::5a1
    bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:820:2e0:29ff:fe19:c02d

But as I care about the name of the machine it is:

    bsdi.dv.isc.org. AAAA 2001:470:1f00:ffff::5a1
    bsdi.dv.isc.org. AAAA 2001:470:1f00:820:2e0:29ff:fe19:c02d

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
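
An added example, not part of the original message and not ISC or BIND code: a Python sketch of the per-/48 scheme described above, deriving the <hex> forward zone and the ip6.arpa zone for a customer /48 and deciding whether a dynamic update may touch a name based on the update's source address. The function names and the policy function are assumptions made for illustration; customer.isp.com is the placeholder suffix from the message, and the check is only meaningful where source addresses cannot be spoofed (the ingress filtering the message relies on).

```python
import ipaddress

CUSTOMER_SUFFIX = "customer.isp.com"  # placeholder suffix used in the message


def customer_prefix(addr):
    """Return the /48 that contains addr (assumed customer allocation size)."""
    return ipaddress.IPv6Network(f"{addr}/48", strict=False)


def hex_label(net):
    """The 12 hex digits naming the /48, e.g. 200104701f00."""
    return net.network_address.exploded.replace(":", "")[:12]


def forward_zone(net):
    """Forward zone for the /48: <hex>.customer.isp.com."""
    return f"{hex_label(net)}.{CUSTOMER_SUFFIX}."


def reverse_zone(net):
    """ip6.arpa zone for the /48: its 12 nibbles, least significant first."""
    return ".".join(reversed(hex_label(net))) + ".ip6.arpa."


def ptr_records(prefixlen):
    """Number of addresses (hence possible PTR owners) under a prefix."""
    return 2 ** (128 - prefixlen)


def update_allowed(source, owner_name):
    """Hypothetical policy check: an update is accepted only when the name
    lies inside the forward or reverse zone of the sender's own /48."""
    net = customer_prefix(source)
    name = owner_name.lower().rstrip(".") + "."
    for zone in (forward_zone(net), reverse_zone(net)):
        # Require a label boundary so "x200104701f00..." does not match.
        if name == zone or name.endswith("." + zone):
            return True
    return False


if __name__ == "__main__":
    # Addresses taken from the message; the names are built from them.
    src = "2001:470:1f00:820:2e0:29ff:fe19:c02d"
    net = customer_prefix(src)
    print(forward_zone(net), reverse_zone(net), ptr_records(48))
    ptr = ipaddress.IPv6Address("2001:470:1f00:ffff::5a1").reverse_pointer
    print(update_allowed(src, f"bsdi.{forward_zone(net)}"), update_allowed(src, ptr))
```

Because the decision rests entirely on the source address, an update sent from a neighbouring /48 is refused for both the forward name and the PTR owner name.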