> The section deals with how ULA's interact with the DNS.
> This sort of detail needs to be there otherwise it will not
> be read. One can argue whether auto configuring nameservers
> needs to be there but the gist of the rest does.
Some text. Changing the NS records to point to BLACKHOLE-1.IANA.ORG and BLACKHOLE-2.IANA.ORG is one possible change for the example zones. --- draft-ietf-ipv6-unique-local-addr-08.txt Mon Nov 29 23:58:52 2004 +++ draft-ietf-ipv6-unique-local-addr-08.txt.new Fri Dec 3 15:22:43 2004 
@@ -469,19 +469,51 @@ 4.4 DNS Issues - At the present time AAAA and PTR records for locally assigned local - IPv6 addresses are not recommended to be installed in the global DNS. - The operational issues relating to this are beyond the scope of this - document. - - For background on this recommendation, the concern about adding AAAA - and PTR records to the global DNS for locally assigned local IPv6 - addresses stems from the lack of complete assurance that the prefixes - are unique. There is a small possibility that the same PTR record - might be registered by two different organizations. Due to this - concern, adding AAAA records is thought to be unwise because matching - PTR records can not be registered + Sites using ULAs need to ensure that reverse DNS queries for ULAs do not + leak out of the site(s) using the ULAa. This is best ensured by + configuring the sites DNS servers to serve both C.F.IP6.ARPA and + D.F.IP6.ARPA in addition to anymore specific zones under these used for + local reverse lookups. + Leaking reverse queries will put extreme loads on the infrastructure + servers and has in the past required sacrificial servers to be + deployed to absorb the load cause by leaking queries. + + e.g. + The following "empty" zones will prevent queries leaking from the + zone. + + C.F.IP6.ARPA: + C.F.IP6.ARPA. 3600 IN SOA D.F.IP6.ARPA. <contact-address>. ( + 1 7200 3600 604800 3600 ) + C.F.IP6.ARPA. 3600 IN NS C.F.IP6.ARPA. + C.F.IP6.ARPA. 3600 IN TXT Generated as per RFCXXXX + C.F.IP6.ARPA. 3600 IN NS ::1 + + D.F.IP6.ARPA: + D.F.IP6.ARPA. 3600 IN SOA D.F.IP6.ARPA. <contact-address>. ( + 1 7200 3600 604800 3600 ) + D.F.IP6.ARPA. 3600 IN NS D.F.IP6.ARPA. + D.F.IP6.ARPA. 3600 IN TXT Generated as per RFCXXXX + C.F.IP6.ARPA. 3600 IN NS ::1 + + Multiple sites connecting using ULAs may want maintain common + C.F.IP6.ARPA and D.F.IP6.ARPA zones and use them delegate more specific + zones. 
It is not expected that centrally addresses will have delegations + in the global DNS tree. + + Advertising locally assigned ULA AAAA records in the global DNS is + MUST NOT occur as they are not globally unique and will lead + to unexpected connections. + + Advertising centrally assigned ULA AAAA records in the global DNS is + not encouraged at this point in time as not all applications recover + well from attempting to reach a non-reachable addresses. + + Populating the reverse zones with appropriate PTR records is at the + site's disgression. One should note that many applications will not + accept a PTR record without the associated AAAA record also being + available. Supplying this may require a split DNS configuration. 4.5 Application and Higher Level Protocol Issues -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
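Review bot: In the example "empty" zones, the last record of each block, "C.F.IP6.ARPA. 3600 IN NS ::1", gives an IPv6 address as NS RDATA, which has to be a host name; since each zone's NS points at its own apex, the record presumably intended is "IN AAAA ::1" so that the in-zone name server name resolves to loopback. In the D.F.IP6.ARPA block that same line still carries the owner C.F.IP6.ARPA, and the C.F.IP6.ARPA SOA names D.F.IP6.ARPA. as its primary while its NS is C.F.IP6.ARPA., so the two blocks read like an unfinished copy and paste; suggest making the owner, SOA primary and NS agree within each zone. On the normative text, "is MUST NOT occur" should read "MUST NOT occur", "centrally addresses" is missing "assigned", and the new paragraphs contain several typos worth fixing before this goes into the draft: "ULAa", "anymore specific", "cause by", "may want maintain", "use them delegate", "a non-reachable addresses" and "disgression".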