On Tue, Apr 27, 2010 at 11:13 PM, David Conrad <d...@virtualized.org> wrote:
> On Apr 27, 2010, at 6:46 PM, John Levine wrote:
>
> > For spoof resistance, how about doing a forward lookup on the
> > purported name and only installing it if it gets a matching AAAA
> > record?
>
> Sounds like a reasonable DDNS filtering approach.

In controlled environments it might work. Don't know how larger ISPs would set AAAA records beforehand for the bazillion possible combinations of computer.subnet.customer.isp.tld. If going dynamic, are you willing to lower your DNS TTL to handle that? Maybe doing wildcard evaluation for /64 subnets? "Everything under this subnet is my-subnet.customer.isp.tld".

> Regards,
> -drc

Kindly,
Felipe
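
The forward-confirmation filter discussed in this thread, sketched as an added example that is not part of the original messages. The zone data, the names under isp.example, the stub resolver and the choice to fall back to a per-/64 name when confirmation fails are all assumptions made for illustration.

```python
import ipaddress

# Constructed forward zone (AAAA data); a real filter would query DNS instead.
FORWARD_ZONE = {
    "laptop.subnet1.customer.isp.example.": {"2001:db8:1:1::a1"},
    "printer.subnet1.customer.isp.example.": {"2001:db8:1:1::b2"},
}

# Constructed per-/64 fallback names, modelling the "everything under this
# subnet is my-subnet.customer.isp.tld" idea from the reply (an assumption).
SUBNET_NAMES = {
    ipaddress.ip_network("2001:db8:1:1::/64"): "subnet1.customer.isp.example.",
}


def lookup_aaaa(name):
    """Stub resolver: return the set of AAAA addresses for name (may be empty)."""
    return {ipaddress.ip_address(a) for a in FORWARD_ZONE.get(name, ())}


def fqdn(name):
    """Normalize a claimed name: lowercase, with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def ptr_name_for_update(addr_text, claimed_name, resolver=lookup_aaaa):
    """Decide which PTR target to install for a dynamic update request.

    Returns the claimed name only when its AAAA set contains the address,
    otherwise the /64 fallback name, or None when no policy covers the address.
    """
    addr = ipaddress.ip_address(addr_text)  # parsed, so text forms compare equal
    if addr.version != 6:
        raise ValueError("this filter only handles IPv6 PTR updates")
    name = fqdn(claimed_name)
    if addr in resolver(name):      # forward-confirmed: install as requested
        return name
    for net, generic in SUBNET_NAMES.items():
        if addr in net:             # unconfirmed claim: install the generic name
            return generic
    return None                     # outside every known /64: reject the update
```

Comparing parsed addresses rather than strings means a fully expanded and a compressed spelling of the same IPv6 address confirm identically.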