I like it :-)
On Wed, 2002-11-27 at 07:57, Steven M. Bellovin wrote: > In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wr > i > tes: > >>>Require the DNS server at the edge of the site be authoritative for the > >>>whole of fec0::/10 or blackhole the queries. > >>> > >>>(I don't think too many people would even want to register site-locals in > >>>the _global_ reverse DNS, queriable by anyone -- remember, they're not to > >>>be used globally, and reverses in and itself are already considered a > >>>"security hazard" by some.) > >>> > >>>Let's not go down the path of putting site-locals anywhere near the global > >>>ip6.arpa. > >> > >>Sure -- but to keep the load off the root, we need to be *very* sure > >>that sites do pretend to be authoritative for them. > > > > will it help if we ship c.e.f.ip6.int/arpa zone files with BIND, > > just like 1.0.0.127.in-addr.arpa? > > Thinking about it a little more, there's a seriously obscene thing > to do here: ship the config files with a * PTR record, resolving to > something like "read.RFC.1918.for.these.addresses." > > > > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
