On 4 Oct 2019, at 10:35 am, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Doug Barton wrote:
Not if you configure your services (like DNS) with static addresses, which as we've already discussed is not only possible, but easy.
That's your opinion. But, as Mark Andrews said:
Actually you can do exactly the same thing for glue.
I show it not so easy.
For TSIG

% nsupdate
zone com
update del ns1.example.com a
update add ns1.example.com 3600 in a 1.2.3.4
key [hmac:]keyname secret
send
%

For SIG(0)

% nsupdate -k keyfile
zone com
update del ns1.example.com a
update add ns1.example.com 3600 in a 1.2.3.4
send
%

Please explain how https://datatracker.ietf.org/doc/draft-andrews-dnsop-update-parent-zones/ would not work.

Update messages are designed to be forwarded and that includes signed UPDATE messages be they TSIG or SIG(0). Named already forwards UPDATE messages if you tell it to.

We already have UPDATE clients that look up SRV records to send UPDATE messages to dedicated servers. Your home router may contain one of them today. If you have a Mac it already includes such a client. See System Preferences/Sharing/Edit/Use Dynamic Global Hostname which allows you to specify the TSIG key to update the DNS entries for the Mac. That looks for a SRV record before falling back to the nameservers for the zone. Apple registered the SRV prefix a decade or so ago.

None of this is technically hard to do. It’s bolting together existing stuff. It just requires a willingness to deploy. Ask for it and it will appear. This isn’t a technical problem. It is a political problem.
Please stop spreading FUD regarding this topic.
Automatic renumbering involving DNS was an important design goal of IPv6 with reasons.
Lack of it is still a problem.
Masataka Ohta
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
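
Added example, not part of the thread or of any participant's message: a standard-library Python sketch of the TSIG-signed UPDATE from the nsupdate session above, showing what the MAC covers and why the message can pass through a forwarder that rewrites the message ID and still be verified at the far end. Assumptions: hmac-sha256 as the algorithm, a constructed secret and timestamps, and a simplified verifier that expects the TSIG record last, with a known key name and no name compression.

```python
import hashlib, hmac, struct

ALG = "hmac-sha256"  # assumed TSIG algorithm; key name and secret are supplied by the caller

def name(n):
    """Domain name in uncompressed lower-case wire format."""
    labels = [l for l in n.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"

def rr(owner, rtype, rclass, ttl, rdata=b""):
    return name(owner) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def update_msg(msg_id, zone, host, ttl, ipv4):
    """RFC 2136 UPDATE: delete the host's A RRset, then add one A record."""
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 2, 0)   # opcode 5 = UPDATE
    zone_section = name(zone) + struct.pack("!HH", 6, 1)       # type SOA, class IN
    delete = rr(host, 1, 255, 0)                               # class ANY deletes the RRset
    add = rr(host, 1, 1, ttl, bytes(int(o) for o in ipv4.split(".")))
    return header + zone_section + delete + add

def tsig_mac(msg, keyname, secret, when, fudge):
    """HMAC over the unsigned message followed by the TSIG variables (RFC 8945)."""
    tsig_vars = (name(keyname) + struct.pack("!HI", 255, 0) + name(ALG)
                 + when.to_bytes(6, "big") + struct.pack("!3H", fudge, 0, 0))
    return hmac.new(secret, msg + tsig_vars, hashlib.sha256).digest()

def sign(msg, keyname, secret, when, fudge=300):
    """Append the TSIG RR to the additional section and bump ARCOUNT."""
    mac = tsig_mac(msg, keyname, secret, when, fudge)
    rdata = (name(ALG) + when.to_bytes(6, "big") + struct.pack("!HH", fudge, len(mac))
             + mac + msg[:2] + struct.pack("!HH", 0, 0))       # original ID, error, other len
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr(keyname, 250, 255, 0, rdata)

def verify(signed, keyname, secret, now):
    """Check made by whichever server finally receives the (possibly forwarded) UPDATE."""
    alg_len = len(name(ALG))
    tail = len(name(keyname)) + 10 + alg_len + 48              # fixed TSIG RR size for this key
    body, rdata = signed[:-tail], signed[-(alg_len + 48):]
    when = int.from_bytes(rdata[alg_len:alg_len + 6], "big")
    fudge, mac_len = struct.unpack("!HH", rdata[alg_len + 6:alg_len + 10])
    mac = rdata[alg_len + 10:alg_len + 10 + mac_len]
    orig_id = rdata[alg_len + 10 + mac_len:alg_len + 12 + mac_len]
    arcount = struct.unpack("!H", body[10:12])[0] - 1
    unsigned = orig_id + body[2:10] + struct.pack("!H", arcount) + body[12:]
    fresh = abs(now - when) <= fudge                           # reject stale or replayed updates
    return fresh and hmac.compare_digest(mac, tsig_mac(unsigned, keyname, secret, when, fudge))
```

The MAC is computed with the original message ID carried inside the TSIG record, so a forwarder may change the ID in the header without invalidating the signature, while any change to the update records or a timestamp outside the fudge window is rejected.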