[dns-operations] IPv6 PTR best practice
Mark Andrews
marka at isc.org
Wed May 9 07:27:36 UTC 2018
> On 9 May 2018, at 5:09 pm, Petr Špaček <petr.spacek at nic.cz> wrote:
>
> On 9.5.2018 07:12, Grant Taylor wrote:
>>> Companies using Active Directory have the end node populate the
>>> PTR records using GSS-TSIG signed UPDATE requests. Similar could work
>>> for ISP but every time someone mentions this they huff and puff and
>>> say it won’t work.
>>
>> To be fair, Active Directory, and GSS-*, implies that Kerberos
>> authentication is in play. That's something that ISPs are quite
>> unlikely to have in play between them and their clients.
>>
>> That being said, there are other methods of authentication that can be
>> used between ISPs and clients.
>
> AFAIK Windows clients issue unsigned DNS UPDATEs when not joined to an
> Active Directory domain. It is a matter of one checkbox (register address
> ... something).
>
> Bigger problem here is that content of the PTR record is somehow
> constructed from machine name and its domain (either from DHCP or from
> static configuration) so the names will often look like
> 'johns-notebook.lan' and will be generally useless anyway.
Which is in part because there haven’t been enough global addresses to make
getting forwards zones useful. IPv6 changes that.
> --
> Petr Špaček @ CZ.NIC
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org