> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Edward Lewis
> Sent: Thursday, September 03, 2009 12:07 PM
> To: Lee Howard
> Cc: [email protected]; 'Edward Lewis'
> Subject: Re: [DNSOP] Dynamically Generated PTR, was Re: ... rDNS for IPv6...
> 
> At 11:49 -0400 9/3/09, Lee Howard wrote:
> >>  -----Original Message-----
> >>  From: [email protected] ... On Behalf Of Edward Lewis
> 
> >>  1) Zone transfers?
> >
> >Is this a requirement for IP6.ARPA zones used for residential users?
> 
> Kind of.
> 
> To achieve a sufficient number "9's" of availability (that is "99.9"
> or "99.999") more than one source of data is needed.  That is, you

In the "on the fly" scenario, you have the same level of availability if
multiple authoritative servers provide the same response to a PTR query.
You can AXFR, or you can use the same algorithm: any query for
1...8.b.d.0.1.0.0.2.ip6.arpa will always return
"1...1.0.0.2.customer.example.com."

> could have just one server for an IPv6 range but then it is a single
> point of failure.  Most DNS zones are on at least 2 servers - deep in
> the tree.  The root zone is on 100's (13 visible at any one place at
> a time), TLDs usually about a half-dozen (visible plus anycast).
> 
> If there is no zone transfer, an admin would have to manually get the
> multiple sources to be in sync some other way.  The admin could use
> things like RSYNC, but that means that the constellation is running
> in a "special mode" and if the admin is on vacation it might be hard
> to fix.
> 
> It's safest to always have zone transfer defined for any DNS
> extension as this is the only means to provide interoperability and
> "in-band" maintenance of the system.

I agree with you in principle.  And I agree with you in specific cases,
where DNS is updated dynamically, or reverse zones are
prepopulated (i.e., any time the PTR records point to something
actually useful).  But most ISPs just put in placeholder records or
generate on the fly--seems to be common practice already.  It doesn't
seem like PTR records need to be static just so transfers will work.

> >>  2) Dynamic update?
> >
> >Mutually exclusive per zone.  For any given zone, you can either generate
> >on the fly, or support dynamic updates.  If you want both, you'll have to
> >number them out of different scopes, which may not be as bad as it sounds.
> 
> This is a question more based on things like Active Directory.  This
> is not so vital, but given that "incrementalism" is growing in
> importance it would be a desired feature.  In this case, I'd like to
> be able to add new synthesis rules on the fly (as opposed to DHCP
> lease information).

I don't understand.

> >>  3) DNSSEC?
> >>
> >>  I think such synthesis is the way to go.  The problem is usually
> >>  keeping a constellation of servers synchronized with respect to the
> >>  synthesis rules, keeping up with changes, and signing the data.
> >
> >I'd like to see more on this topic.
> 
> Me too.  I don't mean to shoot down what Fujiwara-san has suggested.
> I am shooting down the notion that "what we have now is good enough."
> Perhaps this is the next major incremental addition to the DNS
> protocol - a more general synthesis mechanism.  (I envision something
> involving NAPTR...it has the seeds we need.)

Go on...

Lee
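The "same algorithm on every server" idea from the reply above, as an added illustration that is not code from the list thread or from any named implementation: a deterministic rule maps an ip6.arpa query name to a PTR target, so independent authoritative servers agree without AXFR, and the inverse rule recovers the address from the synthesized name. The zone `8.b.d.0.1.0.0.2.ip6.arpa.` and the `customer.example.com.` template are assumed example values.

```python
import ipaddress

# Constructed example values (assumptions, not from the thread): the delegated
# reverse zone for 2001:db8::/32 and the template for synthesized PTR targets.
ZONE = "8.b.d.0.1.0.0.2.ip6.arpa."
TEMPLATE = "{label}.customer.example.com."
IP6_SUFFIX = ".ip6.arpa."


def synthesize_ptr(qname, zone=ZONE, template=TEMPLATE):
    """Return the PTR target for a /128 owner name inside `zone`, or None.

    The answer depends only on the query name and the rule, so every
    authoritative server running the same rule returns the same RDATA
    without a zone transfer.  Names outside the zone, the zone apex, and
    malformed nibble names get no answer (NXDOMAIN is the caller's job)."""
    qname = qname.lower().rstrip(".") + "."
    if not qname.endswith("." + zone):
        return None  # not under the delegated reverse zone
    labels = qname[: -len(IP6_SUFFIX)].split(".")
    if len(labels) != 32 or any(len(n) != 1 or n not in "0123456789abcdef"
                                for n in labels):
        return None  # must be exactly 32 single-hex-digit nibble labels
    # ip6.arpa lists nibbles least-significant first; reverse to get the address.
    addr = ipaddress.IPv6Address(int("".join(reversed(labels)), 16))
    # Deterministic, reversible label: compressed textual form with '-' for ':'.
    return template.format(label=str(addr).replace(":", "-"))


def address_for_hostname(hostname, template=TEMPLATE):
    """Inverse rule: recover the IPv6 address encoded in a synthesized
    hostname, or None if the name does not match the template."""
    suffix = template.format(label="")
    hostname = hostname.lower().rstrip(".") + "."
    if not hostname.endswith(suffix):
        return None
    try:
        return ipaddress.IPv6Address(hostname[: -len(suffix)].replace("-", ":"))
    except ValueError:
        return None


if __name__ == "__main__":
    q = "1" + ".0" * 23 + ".8.b.d.0.1.0.0.2.ip6.arpa."  # 2001:db8::1
    # Two "servers" sharing the rule give identical answers.
    print(synthesize_ptr(q), synthesize_ptr(q) == synthesize_ptr(q.upper()))
    print(address_for_hostname(synthesize_ptr(q)))
```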

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
