[dns-operations] IPv6 PTR records

Paul Vixie vixie at isc.org
Fri Dec 17 16:45:18 UTC 2010


at isc, at the moment, we're assigning non-stateless non-autoconf addresses
to anything that needs a PTR (that is, sends e-mail off-LAN or receives any
kind of inbound connection), since editing zone files that look like this...

; (lah1 internal (vlan 203, 0xCB))
$ORIGIN 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa.
$ORIGIN b.c.0.0
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR     internal.cat.vix.com.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR     ss.vix.com.
a.0.3.7.4.d.e.f.f.f.7.1.5.1.2.0 PTR     ww.vix.com.

...is hard.  in BIND9 we've been exploring some new update ACL mechanisms so
that rules like "let someone update the PTR for the IP/IP6 address they're
sending the update from" are possible.  this would allow a laptop or desktop
to run 'nsupdate' after receiving an ipv6 autoconf, to insert its hostname.
however, in ISC DHCP V4 we're also supporting IETF DHCP6 which allows a DHCP
server having proper TSIG or similar credentials to do these updates, which
is the model most of the world has been using in IPv4 for some time now.  not
many IETF DHCP6 clients are deployed, sadly.

noting, bill simpson tried to get us to abandon PTR for IPv6, he wanted to
just add a new "get hostname" ICMP message and let a host answer for itself.
nobody else thought this was a good idea because it's a change to the security
model (we knew DNSSEC was coming, and we thought ICMP would never be secured)
and also because of the need to do address->name lookups while the host itself
is not online, like once-a-day syslog postprocessing and similar tasks.  but
i'm still not sure we made the right choice.  PTR has an impedance mismatch
with IPv6, and IPv6 is the future of the internet.
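
The following is an added example, not part of the original post and not ISC or BIND code. It derives the ip6.arpa owner names shown in the zone file above from the addresses they encode, and models the "update the PTR for the address you're sending from" rule as a plain comparison; the function names are hypothetical and the addresses are reconstructed from the quoted zone file.

```python
import ipaddress

# Addresses reconstructed from the zone file quoted in the post.
PREFIX = "2001:559:8000:cb::/64"
SAMPLE_HOSTS = {
    "2001:559:8000:cb::1": "internal.cat.vix.com.",
    "2001:559:8000:cb::2": "ss.vix.com.",
    "2001:559:8000:cb:215:17ff:fed4:730a": "ww.vix.com.",  # EUI-64 autoconf
}

def ptr_name(addr):
    """Absolute ip6.arpa owner name (32 reversed nibbles) for an address."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def zone_fragment(prefix, hosts):
    """Render PTR records for one /64: the network half goes into $ORIGIN,
    each record keeps only the 16 interface-ID nibbles."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this sketch only handles /64 prefixes")
    # After the 16 host nibbles, the rest is the reversed network + ip6.arpa.
    origin = ptr_name(str(net.network_address)).split(".", 16)[16]
    lines = ["$ORIGIN " + origin]
    for addr in sorted(hosts, key=lambda a: int(ipaddress.IPv6Address(a))):
        if ipaddress.IPv6Address(addr) not in net:
            raise ValueError(addr + " is outside " + prefix)
        label = ".".join(ptr_name(addr).split(".", 16)[:16])
        lines.append(label + " PTR     " + hosts[addr])
    return "\n".join(lines)

def self_update_allowed(source_addr, owner_name):
    """Model of the rule in the post: the PTR being updated must be the
    reverse mapping of the address the update was sent from."""
    wanted = owner_name.lower().rstrip(".") + "."
    return ptr_name(source_addr) == wanted

if __name__ == "__main__":
    print(zone_fragment(PREFIX, SAMPLE_HOSTS))
```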


