In message <1251822081.3172.8887.ca...@shane-asus-laptop>, Shane Kerr writes:
> Mark,
> 
> On Tue, 2009-09-01 at 11:52 +1000, Mark Andrews wrote:
> > If you deploy BCP 38 to the customer level TCP is a good enough
> > authenticator for updating a reverse zone via UPDATE.
> 
> As I mentioned at the IETF, this is simply not true. All because I let
> someone on my network doesn't mean I want them to be able to update the
> DNS. It *might* be true.
> 
> > Since this is IPv6 give each customer their own address block and
> > corresponding reverse zone.  You don't need a single big machine
> > to do this.
> 
> Feel free to do that with networks you operate. This is a huge cost, if
> you compare it to a zone file with a $RANGE statement, which is what we
> have today.

How is it a huge cost?  Please tell me.  Most of the zones would
have 100 max records in them to cover a /56.  You mean ISPs can't
support 100 records / customer?  You could have a policy which
says if you go over 150 records you need to run your own servers
which we will delegate to and we will warn you once you reach 100.

Traditional zones have a reasonably large overhead in named.  DLZ
based ones have a much lower overhead but it doesn't currently support
UPDATE.  There is no reason why it or something like it couldn't
support UPDATE.

Again, where is the huge cost?  These are not pre-populated zones.
They get populated by the end user equipment.  Windows already does
this by default.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
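
The per-customer policy discussed in this message, as an added example that is not from the thread, from BIND, or from any ISP's tooling: an UPDATE arriving over TCP is accepted only if its source lies in the customer's /56 and the PTR owner name lies in that customer's reverse zone, with the warn-at-100 and delegate-over-150 thresholds applied. The function names and the 2001:db8::/32 documentation prefix in the usage note are assumptions.

```python
import ipaddress

WARN_AT = 100      # "we will warn you once you reach 100"
DELEGATE_AT = 150  # "if you go over 150 records you need to run your own servers"

def reverse_zone(prefix):
    """ip6.arpa zone name for an IPv6 prefix on a nibble boundary (e.g. a /56)."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix must end on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_name(address):
    """Full 32-nibble PTR owner name for one IPv6 address."""
    return ipaddress.IPv6Address(address).reverse_pointer

def check_update(tcp_source, owner_name, customer_prefix, ptr_count):
    """Decide on one PTR add received over TCP for a customer's reverse zone.

    tcp_source is the peer address of the established TCP connection; with
    BCP 38 applied at the customer edge it cannot be spoofed from outside
    the customer's block. ptr_count is the zone's current PTR record count.
    """
    net = ipaddress.IPv6Network(customer_prefix, strict=True)
    zone = reverse_zone(customer_prefix)
    if ipaddress.IPv6Address(tcp_source) not in net:
        return "refuse-source"        # connection did not come from this customer
    name = owner_name.lower().rstrip(".")
    if not name.endswith("." + zone):
        return "refuse-name"          # name belongs to someone else's zone
    host_labels = name[: -len(zone) - 1].split(".")
    hexdigits = set("0123456789abcdef")
    if len(host_labels) != 32 - net.prefixlen // 4 or any(
        len(label) != 1 or label not in hexdigits for label in host_labels
    ):
        return "refuse-name"          # not a well-formed per-address PTR name
    if ptr_count + 1 > DELEGATE_AT:
        return "refuse-delegate"      # over the cap: customer runs own servers
    if ptr_count + 1 >= WARN_AT:
        return "accept-warn"          # accepted, but customer should be warned
    return "accept"
```

For instance, `check_update("2001:db8:1234:5601::1", ptr_name("2001:db8:1234:5601::1"), "2001:db8:1234:5600::/56", 10)` returns `"accept"`.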
