On 10/23/14 5:17 PM, "Mark Andrews" <ma...@isc.org> wrote:
>In message <d06e91ee.72e46%...@asgard.org>, Lee Howard writes:
>>
>> From: Mwendwa Kivuva <kiv...@transworldafrica.com>
>> Date: Thursday, October 23, 2014 7:23 AM
>> To: dnsop <dnsop@ietf.org>
>> Subject: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers
>>
>> > Referring to the draft by Lee Howard
>> > https://tools.ietf.org/html/draft-howard-dnsop-ip6rdns-00
>> >
>> > and given the weakness of the Reverse DNS access for security purposes,
>> > what problem is this draft trying to solve?
>>
>> There is a common expectation that ISPs will populate PTR records for
>> their customers.
>>
>> In my opinion, that is an unreasonable expectation, since ISPs do not have
>> host names for customers, so they usually make up a name. That seems
>> pretty useless to me. However, I don't think that is a consensus opinion,
>> so it's not what the draft says.
>
>But it is not unreasonable to delegate a zone or to accept DNS UPDATE
>requests from the host you have just assigned an IP address to over TCP.

Not sure of the antecedent of "you." If "you" are a DHCPv6 server, you are
not necessarily a DNS server authoritative for the ip6.arpa zone in question
and capable of accepting DNS updates. Especially if "you" are a DHCPv6
server on a home router.

You (Mark Andrews, not the servers) have proposed mechanisms for
facilitating that communication; that would help.

>
>       zone "ip6.arpa" {
>               update-policy { grant * tcp-self * ptr; };
>       };
>
>       reverse=`arpaname ${ip_address}`
>       hostname=`hostname`

And residential hosts only know hostname, not domain name; is
"myMacBook.local" useful as a PTR? I haven't checked with users of PTRs to
see what they think.

Lee
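
The tcp-self check quoted in the message above, and the hostname concern raised in reply, sketched as an added example that is not part of the original thread or of BIND. The function names, the simplified matching logic and the 2001:db8:: sample addresses are assumptions made for illustration.

```python
import ipaddress
from typing import Optional


def reverse_name(addr: str) -> str:
    """PTR owner name for addr, as arpaname prints it (lower case, no trailing dot)."""
    return ipaddress.ip_address(addr).reverse_pointer.lower()


def tcp_self_allows(tcp_source: str, owner: str, rrtype: str) -> bool:
    """Simplified model of 'grant * tcp-self * ptr': the update must be for a PTR
    record whose owner name is the reverse name of the TCP source address."""
    if rrtype.upper() != "PTR":
        return False
    return owner.rstrip(".").lower() == reverse_name(tcp_source)


def ptr_target_problem(target: str) -> Optional[str]:
    """Return why target is a poor PTR value, or None if it looks usable."""
    labels = target.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return "single label, no domain name"
    if labels[-1] == "local":
        return ".local is reserved for mDNS and does not resolve in the global DNS"
    return None


if __name__ == "__main__":
    # Constructed sample updates: (TCP source, owner name, type, PTR target).
    own = reverse_name("2001:db8::1")
    samples = [
        ("2001:db8::1", own, "PTR", "host.example.net"),
        ("2001:db8::1", own, "PTR", "myMacBook.local"),
        ("2001:db8::2", own, "PTR", "host.example.net"),  # someone else's address
        ("2001:db8::1", own, "AAAA", "host.example.net"),  # type not granted
    ]
    for src, owner, rrtype, target in samples:
        verdict = "accept" if tcp_self_allows(src, owner, rrtype) else "refuse"
        print(src, rrtype, target, verdict, ptr_target_problem(target) or "target ok")
```

The policy check only ties the owner name to the connecting address; it says nothing about the PTR target, which is why a host can pass it and still publish a name like "myMacBook.local".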