This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] Reverse DNS operational considerations in an IPv6 environment
- Previous message (by thread): [dns-wg] Reverse DNS operational considerations in an IPv6 environment
- Next message (by thread): [dns-wg] Reverse DNS operational considerations in an IPv6 environment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jim Reid
jim at rfc1035.com
Tue Jun 15 20:59:12 CEST 2010
On 15 Jun 2010, at 17:18, David Freedman wrote: > We use wildcard records and then the customer can insert any custom > content > to override these (but beware that the deprovisioning fairy must > visit your > database tables when the customer leaves in order to keep this stuff > clean) Hmmmm. IMO deployment of wildcarding in the DNS is usually an indication that something has gone very wrong. It always gives me the heebie-jeebies. Reverse lookups for IPv6 addresses is a bit of a religious issue. IIRC someone (Johan Ihren?) gave a presentation at a RIPE meeting a few years ago and said it was best not to bother with any PTRs in the reverse zones for IPv6 space. I think his argument was the world was moving away from name-based access controls to things based on crypto tokens, making reverse lookups pointless. That said, my mail server does not accept inbound SMTP if the connecting host fails to have a working reverse DNS entry: this is remarkably good at spam suppression. Provisioning these IPv6 reverse zones is a problem for ISPs and I'm not sure what (if anything) is the Right Thing to do here. Perhaps this is something for the WG to consider and possibly work on: eg compare and contrast approaches, document use cases and so forth? Aside from Claranet, what are the other ISPs doing about provisioning reverse DNS for their IPv6 customers? DDNS with DHCPv6? Anyone care to share? My personal preference would be to delegate the /80 (or whatever) to the end-user/customer and leave them to choose how to provision that zone. [Your mileage may vary...] This might work fairly painlessly with the tcp-self and 6to4-self hooks to the update-policy{} clause in BIND 9.7. Though that's still messy. It also relies on well-behaved clients which is perhaps unwise.
- Previous message (by thread): [dns-wg] Reverse DNS operational considerations in an IPv6 environment
- Next message (by thread): [dns-wg] Reverse DNS operational considerations in an IPv6 environment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]