On Apr 27, 2010, at 6:46 PM, John Levine wrote:
>> Hmm. A macro expansion for a /48 would mean
>> 1,208,925,819,614,629,174,706,176 leaves. An interesting stress test
>> for name servers... :-).
> My inclination would be to use a wildcard that returns something like
> not-in-service.some-network.net, and let the clients add records for
> the addresses they use.

While better than 1 septillion zone entries, you still have the problem of how to let the clients add the records. DDNS is one approach. Manual intervention (e.g., as part of a customer provisioning system) is another as long as you don't use privacy extensions.

> For spoof resistance, how about doing a forward lookup on the
> purported name and only installing it if it gets a matching AAAA
> record?

Sounds like a reasonable DDNS filtering approach.

Regards,
-drc
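
Added example, not part of the original message or of any poster's code: a sketch of the forward-lookup filter discussed above, which accepts a client's reverse-record request only when the purported name has an AAAA record matching the address. The function names, the sample zone and the 2001:db8:1234::/48 prefix are assumptions made for illustration.

```python
import ipaddress
import socket

def aaaa_lookup(name):
    """Forward lookup through the system resolver; returns IPv6 address strings."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET6)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def check_ptr_update(addr, name, prefix, resolve=aaaa_lookup):
    """Decide whether a requested addr -> name reverse record may be installed.

    Returns (True, ip6.arpa owner name) or (False, reason).
    """
    ip = ipaddress.IPv6Address(addr)
    # Only addresses inside the delegated prefix belong in this reverse zone.
    if ip not in ipaddress.IPv6Network(prefix):
        return False, "address outside delegated prefix"
    forward = set()
    for text in resolve(name):
        try:
            # Compare parsed addresses so compressed and expanded text forms match.
            forward.add(ipaddress.IPv6Address(text.split("%")[0]))
        except ValueError:
            continue
    # The spoof check: the purported name must point back at the address.
    if ip not in forward:
        return False, "no matching AAAA for purported name"
    return True, ip.reverse_pointer

# Constructed forward data standing in for real DNS (documentation prefix).
SAMPLE_AAAA = {
    "mail.customer.example": ["2001:0DB8:1234:0000:0000:0000:0000:0025"],
    "www.victim.example": ["2001:db8:ffff::80"],
}

def sample_resolve(name):
    """Offline resolver over the constructed sample data."""
    return SAMPLE_AAAA.get(name, [])

if __name__ == "__main__":
    for addr, name in [("2001:db8:1234::25", "mail.customer.example"),
                       ("2001:db8:1234::25", "www.victim.example")]:
        print(addr, name, check_ptr_update(addr, name, "2001:db8:1234::/48",
                                           sample_resolve))
```

The check only shows that the forward and reverse data agree at the time of the request; it does not authenticate who sent the update.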