[dns-operations] IPv6 PTR records
R.P. Aditya
aditya at grot.org
Fri Dec 17 15:38:42 UTC 2010
On Fri, Dec 17, 2010 at 04:23:40PM +0100, Phil Regnauld wrote:
> Not on a large scale, but for our customers we've long ago
> automated creation of PTR and A in tandem, so it's a non issue.
> There are policies
to elaborate, the real issue isn't hosts with know/static IPs, but those
who use stateless autoconfiguration (since OS X doesn't support DHCPv6
yet, that's the lowest common denominator we will be able to start with)
and move around via wireless (and possibly wired) -- so unless we are
able to do DHCPv6 we can't guarantee DDNS, so we're left with
automatically generating AAAA and PTR records for dynamically addressed
hosts, and doing that is easy, but it is even easier not to do it
if fewer target systems tend to use PTR existance and/or PTR/AAAA
matching for ensuring "legitamacy" then by not providing those records
for dynamic hosts, maybe we could hasten the demise of such a dubious
"security" practice...
luckily, I think we have the time and resources to try both ways, but
one way is clearly easier...
Adi
More information about the dns-operations
mailing list