In message <d0782276.73d89%...@asgard.org>, Lee Howard writes: > > > On 10/23/14 5:17 PM, "Mark Andrews" <ma...@isc.org> wrote: > > > > >In message <d06e91ee.72e46%...@asgard.org>, Lee Howard writes: > >> > >> From: Mwendwa Kivuva <kiv...@transworldafrica.com> > >> Date: Thursday, October 23, 2014 7:23 AM > >> To: dnsop <dnsop@ietf.org> > >> Subject: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service > >>Providers > >> > >> > Refering to the draft by Lee Howard > >> > https://tools.ietf.org/html/draft-howard-dnsop-ip6rdns-00 > >> > > >> > and given the weakness of the Reverse DNS access for security > >>purposes, wha > >> t > >> > problem is this draft trying to solve? > >> > >> There is a common expectation that ISPs will populate PTR records for > >>their > >> customers. > >> > >> In my opinion, that is an unreasonable expectation, since ISPs do not > >>have > >> host names for customers, so they usually make up a name. That seems > >>pretty > >> useless to me. However, I don't think that is a consensus opinion, so > >>it's > >> not what the draft says. > > > >But it is not unreasonable to delegate a zone or to accept DNS UPDATE > >requests > >from the host you have just assigned a IP address to over TCP. > > Not sure of the antecedent of "you." If "you" are a DHCPv6 server, you > are not necessarily a DNS server authoritative for the ip6.arpa zone in > question and capable of accepting DNS updates. Especially if "you" are a > DHCPv6 server on a home router. > > You (Mark Andrews, not the servers) have proposed mechanisms for > facilitating that communication; that would help. > > > > > zone "ip6.arpa" { > > update-policy { grant * tcp-self * ptr; }; > > }; > > > > reverse=`arpaname ${ip_address}` > > hostname=`hostname` > > > And residential hosts only know hostname, not domain name; is > "myMacBook.local" useful as a PTR? I haven't checked with users of PTRs > to see what they think.
Which is basically because home users have been treated as second class citizen on the Internet. They couldn't get permanent addresses as they had to be re-used just to keep the net working. This is no longer true with IPv6. Lots of home users do actually have registered domainnames. If you make it simpler lots more will. If you don't have a domain add a PTR record that points to <name>.itself with a A / AAAA record which corresponds. myMacBook.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.ip6.arpa is a legal hostname. You could also strip it back to the /64 or /48. myMacBook.1.0.168.192.in-addr.arpa is a legal hostname. 1.0.168.192.in-addr.arpa PTR myMacBook.1.0.168.192.in-addr.arpa myMacBook.1.0.168.192.in-addr.arpa A 192.168.0.1 The ISP could have a "home" and customers could have a name delegated from it as part of their package. myMacBook.name.example.com There are lots of ways to get a name. ICANN could open up ".home" to residential customers. Australia has "id.au" which is designed for low cost / zero cost delegations. I have andrews.wattle.id.au for $0. There days there really is no reason not to run servers at home. I would bet that over 50% of households already run servers at home though not all of these would be currently open to the world. I expect that number to increase. I also expect homes with registered domains to increase as the automation in the home increases. There is something nice about being able to tell airconditioners etc. to turn on when you leave work so the room is a reasonable temperature. There is something nice about being able to stream movies from your home video system regardless of where you are in the world. I'm sure lots of other things will come along to make use of homes having registered domains in the future. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
