In message <CAAAwwbX3-LNd8hRCYwdBGhCamBwjqT6u9Xygf08GmO+RRNJjuA@mail.gmail.com>, Jimmy Hess writes:
On Sun, Nov 6, 2011 at 7:10 PM, Mark Andrews <marka@isc.org> wrote:
MacOS and Windows can both populate the reverse zone for you as can dhcp servers. The practice of filling out the reverse zone with fake PTR record [...]
OK.. let's say you're a DSL provider. Are you going to have your DHCP server populating the forward and reverse DNS? With what, the account holder's name? somename.example.com ?
With what the machine told you to populate it with. If the hostname isn't specified in the request, use your default naming scheme.
Wouldn't you say blahblah192-168-0-2.city.state.dsl.example.com provides more useful information?
No.
First of all, you know that the IP address is an end user, an access network's end user's one IP address, an endpoint, rather than a subnet assigned to an actual multinode network.
Is it? Even today with IPv4 you don't have to hand out single addresses to customers.
Second of all, you know it's an ISP, and you have city and state information of the network service. This is more useful than arbitrary user made up hostname.
In your opinion. It may not be in the customer's opinion and they are the ones leasing the address.
The hostname is more meaningful on "real networks" such as SMB LANs, Enterprise intranets, web farms, server networks, and other places where generic records should not be assigned, but the PTR should be the actual hostname.
News flash. "real networks" already exist in homes. The only reason they aren't visible outside the home is that ISPs have been ridiculously slow in making IPv6 available to the homes and with that the potential for directly addressable machines.
If the IP address is dynamic or autoconfigured for _those_ types of networks, then yes, automatic RDNS registration makes sense. If it's static, not so much.
Dynamic DNS registration is also complicated to make secure.... as in preventing hosts from updating other hosts' records or mucking around the zone in other unwanted ways requires complex key management and ACL configuration
No. It's not really complicated to make secure. It's quite possible to prevent machines mucking up others' records.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
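The point argued at the end of the thread, that a host can be restricted to updating only its own records, as an added example that is not part of the original message or any DNS server's code. The `Update` type and `authorize` function are hypothetical; the two rules are modelled on BIND 9's `self` and `tcp-self` update-policy rule types, and the sample requests are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Update:
    signer: Optional[str]  # name of the TSIG key that verified, None if unsigned
    source_ip: str         # address the update request arrived from
    over_tcp: bool         # True if the request came over TCP
    owner: str             # name of the record being added or changed
    rtype: str             # record type, e.g. "A", "AAAA", "PTR"


def canon(name: str) -> str:
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def authorize(u: Update) -> bool:
    """Allow an update only when it touches the requester's own record."""
    owner = canon(u.owner)
    if u.rtype in ("A", "AAAA"):
        # Forward records: the key that signed the request must be named
        # after the record it changes, so one key per host and no shared
        # zone-wide secret.
        return u.signer is not None and canon(u.signer) == owner
    if u.rtype == "PTR":
        # Reverse records: the owner name must be the reverse mapping of
        # the client's own address. TCP is required because a completed
        # handshake makes the source address hard to spoof.
        try:
            expected = ipaddress.ip_address(u.source_ip).reverse_pointer
        except ValueError:
            return False
        return u.over_tcp and owner == expected
    return False  # any other record type is refused by default


if __name__ == "__main__":
    # Constructed requests: a host updating itself, then a neighbour's PTR.
    own = Update("laptop.example.com.", "192.0.2.10", True,
                 "10.2.0.192.in-addr.arpa.", "PTR")
    other = Update("laptop.example.com.", "192.0.2.10", True,
                   "11.2.0.192.in-addr.arpa.", "PTR")
    print(authorize(own), authorize(other))
```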