[dns-operations] IPv6 PTR records

R.P. Aditya aditya at grot.org
Fri Dec 17 15:38:42 UTC 2010


On Fri, Dec 17, 2010 at 04:23:40PM +0100, Phil Regnauld wrote:
> 	Not on a large scale, but for our customers we've long ago
> 	automated creation of PTR and A in tandem, so it's a non issue.
> 	There are policies

to elaborate, the real issue isn't hosts with known/static IPs, but those
who use stateless autoconfiguration (since OS X doesn't support DHCPv6
yet, that's the lowest common denominator we will be able to start with)
and move around via wireless (and possibly wired) -- so unless we are
able to do DHCPv6 we can't guarantee DDNS, so we're left with
automatically generating AAAA and PTR records for dynamically addressed
hosts, and doing that is easy, but it is even easier not to do it

if fewer target systems tend to use PTR existence and/or PTR/AAAA
matching for ensuring "legitimacy" then by not providing those records
for dynamic hosts, maybe we could hasten the demise of such a dubious
"security" practice...

luckily, I think we have the time and resources to try both ways, but
one way is clearly easier...

Adi
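
Added example, not part of the original message: a Python sketch of the two options weighed above, generating AAAA and PTR records for autoconfigured addresses and running the PTR/AAAA matching check a remote system might apply. The zone name `dyn.example.net.`, the `ip6-` naming scheme and the sample addresses are constructed assumptions, and the records live in dictionaries rather than a real DNS server.

```python
import ipaddress

FORWARD_ZONE = "dyn.example.net."  # assumption: hypothetical zone for dynamic hosts

def synth_name(addr):
    """Derive a stable hostname from the 32 hex digits of the address."""
    ip = ipaddress.IPv6Address(addr)
    return "ip6-" + ip.exploded.replace(":", "") + "." + FORWARD_ZONE

def generate_records(addrs):
    """Build matching forward and reverse data for each observed address.

    Returns (aaaa, ptr): hostname -> address, and ip6.arpa owner -> hostname.
    """
    aaaa, ptr = {}, {}
    for a in addrs:
        ip = ipaddress.IPv6Address(a)
        name = synth_name(a)
        aaaa[name] = ip
        ptr[ip.reverse_pointer + "."] = name
    return aaaa, ptr

def ptr_aaaa_match(addr, aaaa, ptr):
    """The 'legitimacy' check: a PTR exists and its name's AAAA maps back."""
    ip = ipaddress.IPv6Address(addr)
    name = ptr.get(ip.reverse_pointer + ".")
    if name is None:
        return "no-ptr"
    return "match" if aaaa.get(name) == ip else "mismatch"

def zone_lines(aaaa, ptr):
    """Render the generated data as zone-file style lines."""
    lines = [f"{n} IN AAAA {ip.compressed}" for n, ip in aaaa.items()]
    lines += [f"{o} IN PTR {n}" for o, n in ptr.items()]
    return lines

# Constructed sample: one autoconfigured (EUI-64 style) address that gets
# generated records, and one dynamic address that is deliberately left out.
WITH_RECORDS = "2001:db8:10:20:211:22ff:fe33:4455"
WITHOUT_RECORDS = "2001:db8:10:20:a1b2:c3d4:e5f6:789"

if __name__ == "__main__":
    aaaa, ptr = generate_records([WITH_RECORDS])
    print("\n".join(zone_lines(aaaa, ptr)))
    for addr in (WITH_RECORDS, WITHOUT_RECORDS):
        print(addr, "->", ptr_aaaa_match(addr, aaaa, ptr))
```

A "match" result here only shows that whoever runs the reverse zone also publishes a consistent forward record, since both were generated from the address itself.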


