Mark,
On Tue, 2009-09-01 at 11:52 +1000, Mark Andrews wrote:
> If you deploy BCP 38 to the customer level TCP is a good enough
> authenticator for updating a reverse zone via UPDATE.
As I mentioned at the IETF, this is simply not true. All because I let
someone on my network doesn't mean I want them to be able to update the
DNS. It *might* be true.
> Since this is IPv6 give each customer their own address block and
> corresponding reverse zone. You don't need a single big machine
> to do this.
Feel free to do that with networks you operate. This is a huge cost, if
you compare it to a zone file with a $RANGE statement, which is what we
have today.
Perhaps it makes sense to have two documents:
1. A document which says "you won't be able to pre-populate in IPv6
reverse like you do in IPv4 - don't worry about it".
2. A document which says "if you want to provide IPv6 reverse for
some reason, here are a plethora of ways to do it".
Which is basically Doug's document, split into two. I think having two
makes sense, because otherwise we are confounding the pre-populating
issue with the issue of how to provide reverse in the brave, new IPv6
world.
--
Shane
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
