Mark Andrews wrote:
> In message <4a9c783e.8090...@dougbarton.us>, Doug Barton writes:
>> Mark Andrews wrote:
>>
>>> This was on the agenda for DNSOP at the last IETF 75.  There was
>>> much discussion. 
>> Sorry if I'm rehashing this unnecessarily. I did (an admittedly
>> cursory) search of my list archive and didn't see anything similar.
>>
>>> Not all of us agree with the analysis in that
>>> document though I think there was consensus that ISPs shouldn't
>>> need to pre-populate reverse IPv6 zones.
>> Yeah, that more or less sums up my feelings as well, although ....
>>
>> I did read recently about the idea of using DLZ for this. Any
>> reasonably sized relational database ought to be able to handle the
>> load here. I plan to look at scripting something for this purpose as
>> soon as I get the requisite number of round 'tuits.
>>
>> Doug
> 
> You don't need a database.  The number of machines involved doesn't
> magically explode so you don't magically need lots more PTR records.
> Typical households have a handful of machines.  All that's really
> needed is an agreed method to populate the reverse name space.

I was actually thinking along the lines of "what would it take to
actually populate a reverse zone of size /N?" where N would take
various flavors like 64, 60, 56, etc. as an interesting experiment. I
am not suggesting that anyone would actually use something like this
in production, although I suppose that there are people who are
$ADJECTIVE enough to do it. :)

> If you deploy BCP 38 to the customer level TCP is a good enough
> authenticator for updating a reverse zone via UPDATE.

True. I guess I'll have to polish up my GSS fu.

> If you don't do BCP 38 to the customer level, e.g. there is shared
> media involved that allows spoofing to occur for customers on that
> media, then TSIG will work and is scalable at the ISP level for
> UPDATE.

I seriously doubt that anyone who has not got their defecation
consolidated sufficiently to do BCP 38 is really going to care enough
about rDNS to set up TSIG, but that's just me. :)


Doug
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
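
An added example, not part of the thread or of any poster's code: a Python sketch of the two UPDATE authorization models discussed above for a reverse zone. It assumes that "TCP as authenticator" means a TCP peer may change only the PTR name of its own source address, and that each TSIG key is bound to one customer prefix; the function names and the `key_prefixes` map are hypothetical.

```python
import ipaddress

def ptr_name(addr):
    """Owner name of the PTR record for addr, lower case, with trailing dot."""
    return ipaddress.ip_address(addr).reverse_pointer.lower() + "."

def addr_from_ip6_arpa(name):
    """Inverse mapping for a full 32-nibble ip6.arpa name; None if malformed."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def allow_update(owner, rrtype, transport, peer, verified_key=None, key_prefixes=None):
    """Return True if this UPDATE may change `owner`.

    transport/peer: how the request arrived and from which address.
    verified_key: name of a TSIG key whose signature the server has already
    verified (None if the request was unsigned).
    key_prefixes: hypothetical map of TSIG key name -> customer prefix.
    """
    if rrtype != "PTR":
        return False
    owner = owner.lower().rstrip(".") + "."
    if verified_key is not None:
        # TSIG case: the source address is not trusted (no BCP 38 at the
        # customer edge), so authority comes from the key's bound prefix.
        prefix = (key_prefixes or {}).get(verified_key)
        target = addr_from_ip6_arpa(owner)
        return (prefix is not None and target is not None
                and target in ipaddress.ip_network(prefix))
    # Unsigned case: with BCP 38 filtering a completed TCP handshake shows the
    # peer really holds that address, so it may update its own reverse name.
    # UDP sources are spoofable and are always refused here.
    return transport == "tcp" and owner == ptr_name(peer)

if __name__ == "__main__":
    peer = "2001:db8:0:1::25"  # constructed documentation-prefix address
    print(ptr_name(peer), allow_update(ptr_name(peer), "PTR", "tcp", peer))
```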
