[dns-operations] IPv6 PTR best practice

Mark Andrews marka at isc.org
Fri May 11 22:28:37 UTC 2018


John, finding the zone to update is dead easy. Nsupdate has been doing that for two decades now. It is easy to find the correct containing zone by making SOA queries starting with one of the names you want to update then removing a label if you don’t get back a SOA record. You also have to check for CNAME and DNAME records. There is also a draft that describes this along with adjusting the NXDOMAIN TTLs that are produced.

By default you send the update to the SOA MNAME once you have the zone. Apple also registered a SRV prefix so you can redirect the update traffic to another server. This was done in conjunction with Dyn I believe. They did not publish an RFC to cover the SRV assignment. MacOS looks up this SRV record when sending TSIG signed dynamic updates.

As for automatic delegation in the reverse tree, I presented a secure mechanism to do this several years ago to dnsop and didn’t even get a hum on will we adopt it. The chairs just dropped the ball. See upstream for the draft’s name.

-- 
Mark Andrews

> On 12 May 2018, at 05:57, John Levine <johnl at taugh.com> wrote:
> 
> In article <CAHw9_iL248Lzonha=Ko2okNMOGSiYkiiOhArjhVMycRzSwvsvQ at mail.gmail.com> you write:
>> Oh, this: https://datatracker.ietf.org/doc/draft-ietf-dnsop-isp-ip6rdns/
>> is probably relevant.
>> 
>> It's not really a best practices survey, but does have a nice framework for
>> discussion.
> 
> It is also a good survey of what ISPs actually do.
> 
> Apropos Mark's plan that hosts or maybe routers can install rDNS
> records when they start to use a v6 address, we have a fairly severe
> bootstrap problem.  When I plug a device into my home LAN, it gets its
> SLAAC info from a router sitting on my desk.  But the rDNS for my
> network is handled by dns[1-6].rr.com.  Even if my router wanted to
> send rDNS updates where would it send them?  Is there a DHCPv6 option
> or something that would tell it?  If it sent updates, how would the
> server to which it sent them know whether to believe them?
> 
> This really seems like a lot of work for no benefit at all.  If your
> device doesn't have a static address, it doesn't need rDNS.
> 
> R's,
> John
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
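
The zone search described in the message above (SOA queries starting at the name, dropping a label on each miss, with CNAME and DNAME checks), as an added Python example that is not code from the thread or from nsupdate. The record table, server names, `sample_lookup` and `find_update_zone` are constructed for illustration, and following an alias before continuing the walk is an assumption about what the CNAME/DNAME check is for.

```python
import ipaddress

# Constructed sample data (documentation prefix 2001:db8::/32, hypothetical servers).
# Maps (owner name, record type) to the SOA MNAME or the alias target.
RECORDS = {
    ("8.b.d.0.1.0.0.2.ip6.arpa", "SOA"): "ns1.isp.example",
    ("2.4.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa", "SOA"): "ns.home.example",
    ("3.4.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa", "DNAME"): "rdns.customer.example",
    ("rdns.customer.example", "SOA"): "ns.customer.example",
}

def sample_lookup(name, rtype):
    """Stand-in for a real DNS query; returns the record data or None."""
    return RECORDS.get((name, rtype))

def find_update_zone(name, lookup=sample_lookup, max_hops=8):
    """Return (zone, SOA MNAME, final owner name) for the zone enclosing `name`."""
    for _ in range(max_hops):                  # bound alias chains and loops
        labels = name.rstrip(".").lower().split(".")
        redirected = False
        for i in range(len(labels)):           # i labels stripped so far
            cand = ".".join(labels[i:])
            if i == 0 and (target := lookup(cand, "CNAME")):
                name, redirected = target, True          # the name itself is an alias
                break
            if i > 0 and (target := lookup(cand, "DNAME")):
                name = ".".join(labels[:i] + [target])   # an ancestor renames the subtree
                redirected = True
                break
            if (mname := lookup(cand, "SOA")):
                return cand, mname, ".".join(labels)     # zone apex found
        if not redirected:
            raise LookupError("no enclosing zone found for " + name)
    raise LookupError("too many CNAME/DNAME redirections")

def zone_for_address(addr, lookup=sample_lookup):
    """Find the zone that would hold the PTR record for an IP address."""
    return find_update_zone(ipaddress.ip_address(addr).reverse_pointer, lookup)

if __name__ == "__main__":
    for addr in ("2001:db8:0:42::1", "2001:db8:0:43::1", "2001:db8:1::5"):
        print(addr, "->", zone_for_address(addr))
```

The returned MNAME is only the default destination for the update; whether that server accepts it is a separate question of update authentication such as the TSIG signing mentioned in the message.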




