In message <268ebce2-9d47-488e-8223-29b5a6323...@godshell.com>, "Jason 'XenoPhage' Frisvold" writes:
> On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
> > Windows will just populate the reverse zone as needed, if you let
> > it, using dynamic update.  If you have properly deployed BCP 39
> > and have anti-spoofing ingress filtering then you can just let any
> > address from the /48 add/remove PTR records.  Other OS's will
> > follow suit.
>
> Is DDNS really considered to be the end-all answer for this?

It works if you let it.

> It seems we're putting an awful lot of trust in the user when doing this.

What trust?  The OS just does it.  The user doesn't need to think
about this.

> I'd rather see some sort of macro expansion in bind/tinydns/etc that would
> allow a range of addresses to be added.

Macro expansion won't work.  1208925819614629174706176 PTR records is a
hell of a lot of records and that's just 1 /48. :-)

> > Alternatively you can delegate the reverse for the /48 to servers
> > run by the customers.
>
> This works for commercial customers, but I'm not sure I'd want to
> delegate this to a residential customer.

Some will be capable, others won't.  I would leave it as an option but
not the default.  Something that the account's control panel can turn
on and off.

I would however use a different set of servers for the /48's to
that of serving the /32 (or whatever) as you can just change the
delegation without having to also add and remove zones which you
would if they are on the same servers.

I would also provide customers with forward zones that they can
populate again using the /48 to control access.

e.g.
	<hex>.customer.isp.com.

	<hex> is the hexadecimal representation of the /48.

	<machine>.<hex>.customer.isp.com. AAAA <hex>:<client>

They don't need to use it but it should be there to complete
the loop.

If HE was following this schema then bsdi would default to:

	bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:ffff::5a1
	bsdi.200104701f00.customer.he.net AAAA 2001:470:1f00:820:2e0:29ff:fe19:c02d

But as I care about the name of the machine it is:

	bsdi.dv.isc.org. AAAA 2001:470:1f00:ffff::5a1
	bsdi.dv.isc.org. AAAA 2001:470:1f00:820:2e0:29ff:fe19:c02d

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
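
The naming scheme and the per-/48 access rule described in the message above, as an added example that is not part of the original message and not ISC or BIND code. The function names are hypothetical, `customer.isp.com` is the message's own placeholder suffix, and the source-address check is only meaningful behind the anti-spoofing ingress filtering (BCP 39) that the message assumes.

```python
import ipaddress

ISP_SUFFIX = "customer.isp.com"   # placeholder suffix used in the message
PTRS_PER_48 = 2 ** (128 - 48)     # addresses in one /48: why macro expansion fails


def site_hex(addr: str) -> str:
    """12 hex digits naming the /48 that contains addr, e.g. 200104701f00."""
    net = ipaddress.ip_network(f"{addr}/48", strict=False)
    return net.network_address.exploded.replace(":", "")[:12]


def forward_name(machine: str, addr: str) -> str:
    """Default forward owner name: <machine>.<hex>.customer.isp.com."""
    return f"{machine}.{site_hex(addr)}.{ISP_SUFFIX}."


def ptr_name(addr: str) -> str:
    """Owner name of the PTR record for a single address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def reverse_zone(addr: str) -> str:
    """ip6.arpa zone for the /48: 12 nibble labels plus 'ip6.arpa'."""
    labels = ptr_name(addr).rstrip(".").split(".")
    return ".".join(labels[-14:]) + "."


def update_allowed(source: str, owner: str) -> bool:
    """Accept a dynamic update only for names inside the sender's own /48.

    Assumption: spoofed sources are dropped at the network edge, so the
    source address really identifies the customer's /48.
    """
    owner = owner.lower().rstrip(".") + "."
    in_reverse = owner.endswith("." + reverse_zone(source))
    in_forward = owner.endswith(f".{site_hex(source)}.{ISP_SUFFIX}.")
    return in_reverse or in_forward


if __name__ == "__main__":
    host = "2001:470:1f00:820:2e0:29ff:fe19:c02d"   # address from the message
    other = "2001:470:1f01::1"                      # constructed: a different /48
    print(forward_name("bsdi", host))
    print(reverse_zone(host))
    print(update_allowed(host, ptr_name("2001:470:1f00:ffff::5a1")))  # same /48
    print(update_allowed(other, ptr_name(host)))                      # foreign /48
```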