In the document draft-howard-isp-ip6rdns-05, a solution to manage the reverse
domain is to dynamically generate PTR when queried ("On the Fly").
In the draft, we have the following:
"This method may not scale well in conjunction with DNSsec [RFC4035], because
of the additional load, but since keys may be pregenerated for zones, and not
for each record, the risk is moderate."
In normal conditions (i.e. with static DNS zones), signatures are pre-generated
for the whole zone. However if you generate PTR records on the fly, you must
also generate associated signature (RRSIG) on the fly. So IMHO the impact on
performance is important.
Philippe
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
electroniques etant susceptibles d'alteration,
France Telecom - Orange decline toute responsabilite si ce message a ete
altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete
this message and its attachments.
As emails may be altered, France Telecom - Orange is not liable for messages
that have been modified, changed or falsified.
Thank you.
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
