-----Original Message-----
From: David Conrad [mailto:drc@virtualized.org]
Sent: Wednesday, April 28, 2010 3:01 AM
To: Jason 'XenoPhage' Frisvold
Cc: nanog@nanog.org
Subject: Re: [Nanog] Re: IPv6 rDNS - how will it be done?

On Apr 27, 2010, at 5:47 PM, Jason 'XenoPhage' Frisvold wrote:
On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
Windows will just populate the reverse zone as needed, if you let it, using dynamic update. If you have properly deployed BCP 39 and have anti-spoofing ingress filtering then you can just let any address from the /48 add/remove PTR records. Other OSes will follow suit.
Is DDNS really considered to be the end-all answer for this?
Seems it is that or not bothering with reverse anymore.
It seems we're putting an awful lot of trust in the user when doing this. I'd rather see some sort of macro expansion in bind/tinydns/etc that would allow a range of addresses to be added.
Hmm. A macro expansion for a /48 would mean 1,208,925,819,614,629,174,706,176 leaves. An interesting stress test for name servers... :-).
With Lua scripting and PowerDNS you could create a reverse DNS/forward DNS based on the input and match it (IP or hostname). This could be really dynamic, and by using some cache it should also be fast. Checking what IPv6 address is in use and providing them a rDNS is also an option of course (but I think that will consume more power/bandwidth/etc. in the long term).
Slightly more seriously, there have been discussions in the past about doing dynamic synthesis of v6 reverses, but that gets icky (particularly if you invoke the dreaded "DNSSEC" curse) and I don't know any production server that actually does this now. Dynamic DNS is probably the least offensive solution if you really want reverses for your v6 nodes.
As long as you don't use DNSSEC the option above is possible, but with DNSSEC many options will fail I think. Completely dynamic based on the request of a client isn't an option if you ask me (or do we want .local addresses in the rDNS?).
Regards,
-drc
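
The synthesis approach discussed in this thread (derive the PTR answer from the queried address, and make the forward lookup invert it so the two match), as an added example that is not part of any poster's message and is not PowerDNS code. The `2001:db8:1234::/48` prefix, the `dyn.example.net.` zone and the function names are assumptions; signing the synthesized answers for DNSSEC is not handled.

```python
import ipaddress

# Assumptions (not from the thread): documentation prefix and forward zone.
PREFIX = ipaddress.ip_network("2001:db8:1234::/48")
FORWARD_ZONE = "dyn.example.net."
HEX = "0123456789abcdef"

def addr_from_ptr_qname(qname):
    """Decode a nibble-format ip6.arpa name into an IPv6Address, or None."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    # Labels are least-significant nibble first, so reverse before parsing.
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def synth_ptr(qname):
    """Answer a PTR query with a name computed from the address itself."""
    addr = addr_from_ptr_qname(qname)
    if addr is None or addr not in PREFIX:
        return None  # malformed, or outside the delegated /48
    low80 = int(addr) & ((1 << 80) - 1)  # the 2**80 "leaves" of a /48
    return "h-%020x.%s" % (low80, FORWARD_ZONE)

def synth_aaaa(qname):
    """Answer an AAAA query by inverting synth_ptr (forward matches reverse)."""
    name = qname.lower()
    if not name.endswith("." + FORWARD_ZONE):
        return None
    host = name[: -len(FORWARD_ZONE) - 1]
    if len(host) != 22 or not host.startswith("h-"):
        return None
    digits = host[2:]
    if any(c not in HEX for c in digits):
        return None
    return ipaddress.IPv6Address(int(PREFIX.network_address) | int(digits, 16))

if __name__ == "__main__":
    a = ipaddress.IPv6Address("2001:db8:1234::1")  # constructed sample
    ptr = synth_ptr(a.reverse_pointer)
    print(ptr, synth_aaaa(ptr))
```

No record is stored per address, so the 2^80 names under the /48 are never enumerated, and nothing is accepted from the client beyond the query name itself.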