[dns-operations] IPv6 PTR best practice

Mark Andrews marka at isc.org
Wed May 9 07:27:36 UTC 2018

> On 9 May 2018, at 5:09 pm, Petr Špaček <petr.spacek at nic.cz> wrote:
> On 9.5.2018 07:12, Grant Taylor wrote:
>>> Companies using Active Directory have the end node populate the the
>>> PTR records using GSS-TSIG signed UPDATE requests.  Similar could work
>>> for ISP but every time someone mentions this they huff and puff and
>>> say it won’t work.
>> To be fair, Active Directory, and GSS-*, implies that Kerberos
>> authentication is in play.  That's something that ISPs are quite
>> unlikely to have in play between them and their clients.
>> That being said, there are other methods of authentication that can be
>> used between ISPs and clients.
> AFAIK Windows clients issue unsigned DNS UPDATEs when not joined to a
> Active Directory domain. It is matter of one checkbox (register address
> ... something).
> Bigger problem here is that content of the PTR record is somehow
> constructed from machine name and its domain (wither from DHCP or from
> static configuration) so the names will often look like
> 'johns-notebook.lan' and will be generally useless anyway.

Which is in part because there haven’t been enough global addresses to make
getting forwards zones useful.  IPv6 changes that.

> -- 
> Petr Špaček  @  CZ.NIC
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the dns-operations mailing list