> From: Edward Lewis <ed.le...@neustar.biz>
>>Performance problem will be solved by better code and new hardware.
>>
>>In my opinion, "Dynamically Generate PTR When Queried" works well.
> 
> I have to ask based on the experience I had with wildcards, how does
> this work with:
> 
> 1) Zone transfers?

Zone transfer is not required and not defined in my idea.

If I need multiple servers, I run the same program with the same DNSSEC key
file on each server.

Each server generates the same PTRs and different RRSIGs (different
Signature Inception, Signature Expiration).

> 2) Dynamic update?

The generated hostname is fixed for each IPv6 address in my idea.
All IPv6 addresses have a reverse-mapped hostname.
Dynamic update is not used.

> 3) DNSSEC?

NSEC may be generated because the next owner name is the next IPv6 address and
the type bitmap has PTR only.

Then, if the server has private keys, then RRSIG is easily generated.

Problems are ...
 - No good code  (writing better code solves this problem.)
 - Performance   (better code and new hardware solve this problem.)
 - Private keys are shared on each authoritative server.

--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
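
The PTR and NSEC synthesis described in the message above, as an added example that is not part of the original post or any code of the poster's: it maps a queried ip6.arpa name back to its address, derives a fixed hostname, and takes the next address as the NSEC next owner name. The /64 prefix, the `dyn.example.` suffix, the hostname scheme and all function names are assumptions; RRSIG generation is left out.

```python
import ipaddress

# Assumptions, not from the post: the zone is one /64 and the fixed hostname
# is the address as 32 hex digits under a hypothetical suffix.
ZONE = ipaddress.IPv6Network("2001:db8:0:1::/64")  # constructed sample prefix
HOST_SUFFIX = "dyn.example."                        # hypothetical target domain


def owner_name(addr):
    """ip6.arpa owner name (32 nibble labels) for one address."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."


def zone_apex():
    """Owner name of the reverse zone apex (prefix nibbles only)."""
    labels = owner_name(ZONE.network_address).split(".")
    return ".".join(labels[32 - ZONE.prefixlen // 4:])


def parse_owner(qname):
    """Map a queried owner name back to an address inside ZONE, else None."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[32:] != ["ip6", "arpa"]:
        return None
    if any(len(l) != 1 or l not in "0123456789abcdef" for l in labels[:32]):
        return None
    addr = ipaddress.IPv6Address(int("".join(reversed(labels[:32])), 16))
    return addr if addr in ZONE else None


def canonical_key(name):
    """DNSSEC canonical order compares labels right to left."""
    return list(reversed(name.lower().rstrip(".").split(".")))


def synthesize(qname):
    """Return (PTR target, NSEC next owner name, NSEC type list) or None."""
    addr = parse_owner(qname)
    if addr is None:
        return None  # outside the zone or not a full 32-nibble name
    target = f"{int(addr):032x}.{HOST_SUFFIX}"
    # The next owner name is the next address; the last one wraps to the apex.
    last = addr == ZONE.broadcast_address
    nxt = zone_apex() if last else owner_name(addr + 1)
    # "PTR only" from the post, plus RRSIG and NSEC, which every signed
    # owner name also carries.
    return target, nxt, ["PTR", "RRSIG", "NSEC"]
```

Because every server computes the same answer from the query name alone, no zone data has to be transferred, but each server needs the signing key to produce the RRSIGs.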
