>> well, the above scenario looks too aggressive to me.
>> the invariants we would like to keep are:
>> - advertise address by DNS, only after addresses are ready
>Ready to accept traffic I assume. Or do you mean "ready = preferred"?
ready to accept traffic, yes. i'd enable forward DNS records,
only after I confirmed the reachability of new address is stable enough
(run some test from outside, by ping6 or traceroute6).
>> - mark addresses deprecated, only after we remove them from DNS and
>> we wait till DNS TTL has passed
>That means that the old addresses will be used as source addresses
>when they don't exist in the DNS. So any application on a peer which does a
>reverse + forward DNS lookup of the source address, will not find anything
>in the DNS. While we'd like to see such DNS host name verification replaced
>by stronger measures (such as IPsec) I think it would be unfortunate to
>completely throw out the ability to rely on DNS for reverse + forward lookups.
if you want to you may put reverse DNS entries earlier than forward DNS
entries. about the use of old address without forward DNS entries,
i have no answer yet. let me think.
itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
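
The two invariants and the gap raised in the quoted reply, modelled as an added example (not part of the original message or of any IETF document). Times are seconds on a constructed timeline, `Plan` and the function names are hypothetical, the addresses use the 2001:db8::/32 documentation prefix, and treating an address as a source candidate for new connections until it is deprecated is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass
class Plan:
    """Renumbering timeline, seconds from an arbitrary start (constructed model)."""
    new_reachable: int        # new address confirmed reachable from outside
    new_forward_pub: int      # forward DNS record for the new address published
    old_forward_removed: int  # forward DNS record for the old address removed
    ttl: int                  # TTL of the removed forward record
    old_deprecated: int       # old address marked deprecated

def check_invariants(p):
    """Return the invariants from the message that the plan violates (empty = OK)."""
    errors = []
    if p.new_forward_pub < p.new_reachable:
        errors.append("forward DNS published before new address is ready")
    if p.old_deprecated < p.old_forward_removed + p.ttl:
        errors.append("old address deprecated before DNS TTL has passed")
    return errors

def unverifiable_window(p):
    """Window in which the old address may still be chosen as a source address
    while a peer with a cold cache finds no forward record for it, so a
    reverse + forward lookup of the source fails. Returns (start, end) or None."""
    start, end = p.old_forward_removed, p.old_deprecated
    return (start, end) if end > start else None

def fcrdns_ok(addr, ptr, fwd):
    """Reverse + forward check: addr -> name via ptr, then name -> addrs via fwd."""
    name = ptr.get(addr)
    return name is not None and addr in fwd.get(name, ())

# Constructed sample data: DNS state after the old forward record is removed.
PLAN = Plan(new_reachable=0, new_forward_pub=600,
            old_forward_removed=3600, ttl=3600, old_deprecated=7200)
OLD, NEW = "2001:db8:1::1", "2001:db8:2::1"
PTR = {OLD: "host.example", NEW: "host.example"}   # reverse entries for both
FWD = {"host.example": [NEW]}                      # forward entry for new only

if __name__ == "__main__":
    print("violations:", check_invariants(PLAN))
    print("unverifiable window:", unverifiable_window(PLAN))
    print("old passes check:", fcrdns_ok(OLD, PTR, FWD))
    print("new passes check:", fcrdns_ok(NEW, PTR, FWD))
```

Any plan that satisfies the second invariant has an unverifiable window at least one TTL long, which is the case the quoted reply describes.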