[dns-operations] IPv6 PTR best practice

sthaug at nethelp.no sthaug at nethelp.no
Wed May 9 15:05:17 UTC 2018


> > - What applications are requiring IPv6 PTR support?
> 
> The same set that require it for IPv4.

That's really a matter for debate. It's not at all obvious that
building IPv6 "reputation" will work as well as for IPv4.

> > Any feedback appreciated,
> 
> ISPs really haven't looked at what can work for populating PTR records.

Some of us have, and have concluded that we'd rather not go there.

> Companies using Active Directory have the end node populate the PTR
> records using GSS-TSIG signed UPDATE requests.  Similar could work for
> ISP but every time someone mentions this they huff and puff and say it
> won't work.

AD is typically used within a company under *one* administration, while
customers of an ISP are extremely varied (and certainly don't fall under
one common administration).

The prospect of letting Joe Random User update his IPv6 PTR records
might be *technically* feasible - but letting customers do their own
DNS updates would need a significant amount of belts and suspenders,
and would definitely require some development resources - for zero
gain as far as I can see. It is *way* down the priority list.

> They see their kludge of pre-populating the reverse address space as being
> "good enough" for IPv4 and just want to do the same for IPv6 rather than
> actually look for solutions that will work.

It's a kludge for IPv4 that I *don't* want to repeat for IPv6. Thus the
plan to only create IPv6 PTRs that are actually needed (servers/services
on static IPv6 addresses).

> There is no reason we can't go from kludges to a working reverse space
> other than an unwillingness to try.

Seeing nonzero risks / costs and zero gain for the ISP might have
something to do with it.

Steinar Haug, AS2116


