Not strictly true. A pretty good presentation on this was given at the IPv6-SIG at APNIC 15:
http://www.apnic.net/meetings/15/sigs/ipv6/docs/ipv6-fujisaki-reverse-dns.pdf
I read this. It doesn't really provide much in the way of details. It just says it's "hard" and many don't do it, so it recommends that no one do it.
I'm sorry, I just don't buy this logic.
This doesn't even cover the tricky issue of how you update the reverse securely for home users (the problem here is that the ISP and the home have to share a secret somehow, not unsolvable but tricky).
Follow the chain of delegations. Each organization has a relatively small part of the space to manage, and internally they handle updates, etc... however they feel best.
Sure, you could provide some tools to help make this easier, more fully integrating DNSUPDATE with DNSSEC in your DHCPv6 servers, and providing other tools to automate much of this work for machines with static IP addresses. But I don't really see how this is any different from reverse DNS for IPv4.
For the record, I think ICMP name lookups would solve the problem of address-to-name mapping sufficiently for users. I support the proposal of no longer doing reverse for IPv6 100%.
Too many sites filter ICMP at the border, and for good reason. Internally, this may work fine, and may be used to maintain a database somewhere -- which should probably be in the DNS, because we know that this solution will work and safely cross borders.
Outside of the local network, I don't see how this could possibly function.
-- Brad Knowles, <[EMAIL PROTECTED]>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) #---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
