>>>>> On Fri, 9 Apr 2004 17:13:25 +0300 (EEST),
>>>>> Pekka Savola <[EMAIL PROTECTED]> said:
> I've reworded it below for clarity:
> <t>In the first case, managing the reverse DNS (delegation) is
> simpler as the DNS server and the prefix delegator are in the same
> administrative domain (as there is no need to delegate anything at
> all). In the other cases, it can be slighly more difficult,
> particularly as the site will have to configure the DNS server to be
> authorative for the delegated reverse zone, implying automatic
> configuration of the DNS server -- as the prefix may be dynamic.</t>
> <t>Managing the DDNS reverse updates is typically simple in
> the second case, as the updated server is located at the local site,
> and arguably IP address-based authentication could be sufficient (or
> if not, setting up security relationships would be simpler). As there
> is an explicit (security) relationship between the parties in the
> third case, setting up the security relationships to allow reverse
> DDNS updates should be rather straightforward as well. In the first
> case, however, setting up and managing such relationships might be a
> lot more difficult.</t>
> Is this better? Suggestions?
Much better, yes.
And I'd clarify in the classification at the beginning of this section
that the corresponding DNS reverse zone is also delegated in the last
two cases.
So, the entire section would be as follows:
7.5 DDNS with Dynamic Prefix Delegation
In cases where a prefix, instead of an address, is being used and
updated, one should consider what is the location of the server where
DDNS updates are made. That is, where the DNS server is located:
1. At the same organization as the prefix delegator.
2. At the site where the prefixes are delegated to. In this case,
the authority of the DNS reverse zone corresponding to the
delegated prefix is also delegated to the site.
3. Elsewhere; this implies a relationship between the
site and where DNS server is located, and such a relationship
should be rather straightforward to secure as well. Like in
the previous case, the authority of the DNS reverse zone is
also delegated.
In the first case, managing...
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
