On Dec 5, 2010, at 9:41 PM, Jima wrote:

> On 12/5/2010 4:13 PM, John Levine wrote:
>> In IPv4 land, it is standard to assign matching forward and reverse
>> DNS for every live IP, and a fair number of services treat requests
>> from hosts without rDNS with added scepticism. For consumer networks,
>> it's often something like 12-34-56-78.adsl.incompetent.net, with the
>> numbers being the IP address forward or backwards.
>>
>> So if every customer gets a /64, what do you do? You can use a
>> wildcard to give the same rDNS to all 2^64 addresses, but you can't do
>> matching forward DNS, since a DNS response with 2^64 AAAA records
>> would be, ah, a little unwieldy.
>
> I thought the same thing, actually, which is why I made my own solution. I
> ended up writing a DNS server in perl (using Net::DNS::Nameserver) that
> replies to reverse queries with a reproducible PTR -- generated by encoding
> the IP in base32. (Or the second half of the IP, in the case of a few
> "known" networks.) Forward queries for the matching name decode the base32.
> The host-specific part of the DNS is kind of long (26 characters, or 13 for
> known networks), but it's marginally shorter than the full IP (which would be
> 32/16 characters, without separators). I'm pretty happy with the results,
> but I'd love to hear if anyone's come up with more elegant solutions.

Anyone done this dynamic synthesis w/ BIND? DNSSEC thoughts as well? I know this isn't namedroppers, but perhaps someone can post some code or examples, or a link to a webpage with them?

- Jared
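
The mapping Jima describes in the quoted message, as an added Python example that is not part of the original thread and is not Jima's Perl code. It covers only the name/address translation a synthesizing server would apply per query; the zone names, the `2001:db8:1:2::/64` "known" network, and the lowercase unpadded RFC 4648 alphabet are assumptions.

```python
import base64
import ipaddress

# Assumed names: forward zones and one "known" /64 (RFC 3849 documentation prefix).
DEFAULT_ZONE = "dyn.example.net"
KNOWN = {ipaddress.IPv6Network("2001:db8:1:2::/64"): "cust1.example.net"}

def encode_label(raw: bytes) -> str:
    # RFC 4648 base32, lowercased, padding stripped: 16 bytes -> 26 chars, 8 -> 13.
    return base64.b32encode(raw).decode().rstrip("=").lower()

def decode_label(label: str, nbytes: int) -> bytes:
    raw = base64.b32decode(label.upper() + "=" * (-len(label) % 8))
    # b32decode ignores stray trailing bits; re-encode so each address has one name.
    if len(raw) != nbytes or encode_label(raw) != label:
        raise ValueError("not a canonical label for this zone")
    return raw

def arpa_to_addr(qname: str) -> ipaddress.IPv6Address:
    labels = qname.lower().rstrip(".").split(".")
    nibbles = labels[:-2]
    if labels[-2:] != ["ip6", "arpa"] or len(nibbles) != 32:
        raise ValueError("not a full-length ip6.arpa name")
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("bad nibble label")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def synth_ptr(qname: str) -> str:
    """PTR target for a reverse query: encoded address under a forward zone."""
    addr = arpa_to_addr(qname)
    for net, zone in KNOWN.items():
        if addr in net:
            return f"{encode_label(addr.packed[8:])}.{zone}."  # host half only
    return f"{encode_label(addr.packed)}.{DEFAULT_ZONE}."

def synth_aaaa(qname: str) -> ipaddress.IPv6Address:
    """AAAA answer for a forward query: decode the label back to the address."""
    label, _, zone = qname.lower().rstrip(".").partition(".")
    for net, known_zone in KNOWN.items():
        if zone == known_zone:
            prefix = net.network_address.packed[:8]
            return ipaddress.IPv6Address(prefix + decode_label(label, 8))
    if zone != DEFAULT_ZONE:
        raise ValueError("name is outside the synthesized zones")
    addr = ipaddress.IPv6Address(decode_label(label, 16))
    if any(addr in net for net in KNOWN):
        raise ValueError("address belongs to a known network's zone")
    return addr
```

Rejecting non-canonical labels keeps the forward and reverse answers one-to-one, which is what a forward-confirmed rDNS check on the receiving side compares.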

