Mark, On Tue, 2009-09-01 at 11:52 +1000, Mark Andrews wrote: > If you deploy BCP 38 to the customer level TCP is a good enough > authenticator for updating a reverse zone via UPDATE.
As I mentioned at the IETF, this is simply not true. All because I let someone on my network doesn't mean I want them to be able to update the DNS. It *might* be true. > Since this is IPv6 give each customer their own address block and > corresponding reverse zone. You don't need a single big machine > to do this. Feel free to do that with networks you operate. This is a huge cost, if you compare it to a zone file with a $RANGE statement, which is what we have today. Perhaps it makes sense to have two documents: 1. A document which says "you won't be able to pre-populate in IPv6 reverse like you do in IPv4 - don't worry about it". 2. A document which says "if you want to provide IPv6 reverse for some reason, here are a plethora of ways to do it". Which is basically Doug's document, split into two. I think having two makes sense, because otherwise we are confounding the pre-populating issue with the issue of how to provide reverse in the brave, new IPv6 world. -- Shane _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop