Re: [Nanog] Re: IPv6 rDNS - how will it be done?

[Richard Barnes <richard.barnes () gmail com>]

Presumably, if you've already got a script that's provisioning reverse
results, you could amend it to add name constraints.  No idea if this
is possible with current DynDNS software, though.

--Richard



On Tue, Apr 27, 2010 at 9:10 PM, Jason 'XenoPhage' Frisvold
<xenophage () godshell com> wrote:
> On Apr 27, 2010, at 9:00 PM, David Conrad wrote:
> > Hmm. A macro expansion for a /48 would mean 1,208,925,819,614,629,174,706,176 leaves. An interesting stress test for 
> > name servers... :-).
>
> Um.. sure.  :)  Your computer can't handle that?
>
> How about a programmatic expansion?  Only create the necessary record when asked for it.
>
> > Slightly more seriously, there have been discussions in the past about doing dynamic synthesis of v6 reverses, but 
> > that gets icky (particularly if you invoke the dreaded "DNSSEC" curse) and I don't know any production server that 
> > actually does this now.  Dynamic DNS is probably the least offensive solution if you really want reverses for your 
> > v6 nodes.
>
> DNSSEC does seem to throw the proverbial wrench in the works..  At least, from what I understand..  I'm still not 
> sold on DNSSEC and that, partly, has to do with a lack of knowledge..
>
> If you allow a client to set their own reverse, don't you run into issues where the client can spoof their identity?  
> ie, set their reverse to whitehouse.gov or bankofamerica.com ?  Or is it possible to configure DDNS in such a way as 
> to only allow subdomain names where the domain is tacked on automagically?
>
> > Regards,
> > -drc
>
> ---------------------------
> Jason 'XenoPhage' Frisvold
> xenophage () godshell com
> ---------------------------
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law