Dan, your message is incomplete.  You failed to include the
alternative scheme which would have made it impossible for a
careless zone administrator to shoot himself in the foot.


Also, note that server synthesis of address records would
require a DNSSEC zone-signing key to be kept on-line, which
would lead to widespread theft of keys and secured spoofing
of DNS records.

It's possible to do the synthesis in a somewhat less
insecure "outboard" way with A6 just as with AAAA (at the
cost of one extra byte per record) if desired.

Finally, I point to 2874's text on glue, which includes

   [...]
   any of

   o  a minimal set of A6 records duplicated from the X.EXAMPLE zone,

   o  a (possibly smaller) set of records which collapse the structure
      of that minimal set,

   o  or a set of A6 records with prefix length zero, giving the entire
      global addresses of the servers.

   The trade-off is ease of maintenance against robustness.  The best
   and worst of both may be had together by implementing either the
   first or second option together with the third.


Following this suggestion would turn your example into

   aol.com NS dns-01.ns.aol.com
   aol.com NS dns-02.ns.aol.com
   dns-01.ns.aol.com A6 <len> <suffix bits> prefix.aol.net
                     A6 0 <full address>
   dns-02.ns.aol.com A6 <len> <suffix bits> prefix.aol.net
                     A6 0 <full address>

The full address is usable with no other data cached, and
the broken-up record may save the day in *some* cases if the
full-address record becomes incorrect while still "live".
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
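As an added illustration, not part of the message above or of the RFC text it quotes, here is a small Python model of the A6 resolution that the suggested layout relies on: a prefix-length-zero record yields a full address by itself, while a chained record is completed by looking up its prefix name and combining the two. The server and prefix names are the ones used in the message; every address is constructed sample data.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# An A6 RR is modelled as (prefix_len, address_suffix, prefix_name); the
# prefix_name is None when prefix_len == 0 (RFC 2874 semantics). The
# addresses are constructed sample values, not real aol.com / aol.net data.
A6 = Tuple[int, str, Optional[str]]
Zone = Dict[str, List[A6]]

ZONE: Zone = {
    "dns-01.ns.aol.com": [(64, "::1", "prefix.aol.net"),   # chained record
                          (0, "2001:db8:1:1::1", None)],   # full address
    "dns-02.ns.aol.com": [(64, "::2", "prefix.aol.net"),
                          (0, "2001:db8:1:1::2", None)],
    "prefix.aol.net":    [(0, "2001:db8:1:1::", None)],    # provider prefix
}

def resolve_a6(name: str, zone: Zone, depth: int = 0) -> List[str]:
    """Return every full address derivable from name's A6 RRset, following
    prefix-name chains. A chained record whose prefix cannot be resolved
    contributes nothing, which is why the prefix-length-zero companion
    record keeps the name usable with no other data cached."""
    if depth > 8:            # bound chain length so a loop cannot recurse forever
        return []
    found: List[str] = []
    for plen, suffix, prefix_name in zone.get(name, []):
        suffix_int = int(ipaddress.IPv6Address(suffix))
        if plen == 0:        # complete address, no further lookup needed
            found.append(str(ipaddress.IPv6Address(suffix_int)))
            continue
        low_mask = (1 << (128 - plen)) - 1          # bits supplied by this RR
        for pfx in resolve_a6(prefix_name, zone, depth + 1):
            high = int(ipaddress.IPv6Address(pfx)) & ~low_mask
            found.append(str(ipaddress.IPv6Address(high | (suffix_int & low_mask))))
    return sorted(set(found))

def without(zone: Zone, name: str) -> Zone:
    """Copy of zone with one name removed (models an unreachable or uncached prefix)."""
    return {k: v for k, v in zone.items() if k != name}

if __name__ == "__main__":
    print(resolve_a6("dns-01.ns.aol.com", ZONE))
    print(resolve_a6("dns-01.ns.aol.com", without(ZONE, "prefix.aol.net")))
```

Changing the address under prefix.aol.net while leaving the prefix-length-zero records untouched makes the resolver return both the stale full address and the renumbered one, which is the case where the chained record can still "save the day".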