[dns-operations] fewer PTRs plz (Re: reverse DNS for DHCPV6 and PD's)
marka at isc.org
Thu Jun 16 00:26:03 UTC 2011
In message <99b34ca9a3938a4e10e267493f6cdfcf.squirrel at webmail.aminor.no>, "Eivi
nd Olsen" writes:
> Robert Edmonds wrote:
> > i can't see any reasons to deny a PTR update (whether it came in via a
> > ticket or via a dynamic update) other than simple technical checks, like
> > perhaps verifying that the PTRDNAME points to an existing A or AAAA
> > owner name.
> I can see such a reason, but please correct me if I'm wrong here, I won't
> pretend to be an expert, and I'd love to learn something new :D
> It's fairly common for ISPs to hand out dynamic addresses to their
> residential customers in an IPv4 based world. I'll admit I don't have much
> experience with how a mass-market ISP will do this for IPv6 but I'm
> guessing it will be done with dynamic prefix allocation for IPv6 as well.
> A fairly common setup on the customers CPE is to hand out addresses in a
> range from x to y.
> Now, let's say I get assigned the prefix 2001:DB8::/32, and the DHCP
> server in the CPE provided by my ISP starts handing out addresses from
> <prefix>::100 up to ::200. If DDNS to the PTR is open for all I can
> easily create several not-so-nice PTR names for this range, turn off my
> CPE, wait for the next customer to get assigned my previous prefix, and
> he'll get nice pre-made PTR records for all his hosts unless he also
> registers a new PTR by himself.
> Unfortunately, stuff like this is exactly what will get printed in the
> media, and that's attention no ISP will want, even if they can point the
> finger at a customer.
> Sure, there are possible fixes for this, such as:
> - assign a static prefix for every customer, and clean up any PTRs in that
> prefix if the customer cancels their subscription. I believe many ISPs
> don't want to provide static prefix in their residential product,
> encouraging customers to go for the premium priced product if they want
> static addresses.
> - keep assigning dynamic prefixes to customers, but somehow clean up any
> PTRs before handing it out to the next customer
> - have the CPE automatically register or delete PTRs for its DHCPv6 range.
> Oh btw, the simple technical check of having an existing AAAA record
> before being allowed to update the PTR record doesn't prevent this issue.
> I can easily create an AAAA record for a somewhat disturbing hostname.
> Yes, I'd have to use a domain name I somehow control.
> So, to sum it up: no, I wouldn't expect every ISP to allow every
> residential customer to do DDNS updates on their dynamic address ranges.
> Eivind Olsen
In the IPv4 world you would almost always been doing a RFC 2317
style delegation or manually inserting the records and most customer
delegation do not fall nicely on a DNS delegation break point.
In IPv6 all delegations fall nicely on DNS delegation break points.
IPv4 requires humans. IPv6 can be completely automated.
If the ISP is really worried about this they can just allow the
/48, /52, /56, /60, /64 reverses to be automatically delegated to
the customer's nameservers (CPE) using dynamic updates to insert
the NS/DNAME records. This is completely self cleaning from the
ISP's perspective. When they next hand out the address to a new
customer they update the NS/DNAME records. The host machines still
automatically update themselves in the DNS, just now the updates
are going to customer owned nameservers instead of ISP owned
If Geoff had allowed the 2002::/16 reverse to be updated this way
we would have had a good working example to show people. The code
was written to do this.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations