In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wri
tes:
>>>Require the DNS server at the edge of the site be authoritative for the
>>>whole of fec0::/10 or blackhole the queries.
>>>
>>>(I don't think too many people would even want to register site-locals in
>>>the _global_ reverse DNS, queriable by anyone -- remember, they're not to
>>>be used globally, and reverses in and itself are already considered a
>>>"security hazard" by some.)
>>>
>>>Let's not go down the path of putting site-locals anywhere near the global
>>>ip6.arpa.
>>
>>Sure -- but to keep the load off the root, we need to be *very* sure
>>that sites do pretend to be authoritative for them.
>
> will it help if we ship c.e.f.ip6.int/arpa zone files with BIND,
> just like 1.0.0.127.in-addr.arpa?
>
I thought of that. It's certainly a good idea, but I'm not sure that
it will help enough.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
