Umm, I don't think DNSSEC (except some basic components it may use)
really deals that much with DDNS updates, but the point stands that
there has been, AFAIK, relatively little protocol work on adding new
records.
I'm not sure of the protocol itself, and the more generic case, but I
believe the reverse DNS issue could be solved, in the important
practical cases, using just an implementation approach.
That is,
1) require that the server be located at the same site as the updater
(relatively reasonable)
2) that hopefully some amount of address spoofing protection has
been deployed on the site: just uRPF on a subnet basis is sufficient
3) make the hosts add the RFC 3041 reverses directly to the zone,
without any security
4) the DNS server allows such insertion only if there are no existing
records, and the update comes from the IP address corresponding to the
reverse record
5) the records don't need to be removed by the hosts, only by a
clean-up process by the server
Not perfect, there are certainly some corner cases here, but I guess
this should be at least sufficient to experiment with DDNS reverse
insertions if that was deemed to be useful.
So which RFC that contains the above should I add to the references :-) :-)
Seriously, I think it would make sense to start writing this down with
an eye to hosts which have multiple prefixes. Thus they want a temporary
name which has AAAA records for one IP address for each of the prefixes.
(The above procedure just handles a single AAAA record per name, which
isn't sufficient to solve the issue.)
Still, it would seem to be useful to try to experiment with this, but
this is a subject for another forum.
I know things in this space have been discussed in DHC in the past, but
is there a WG that should work on this?
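
The server-side acceptance rule from steps 3) to 5) above, as an added sketch that is not part of the original thread or of any DNS server's code. It assumes steps 1) and 2) already hold, so the packet's source address can be trusted; the ReverseZone class, the MAX_AGE lifetime and the sample names are hypothetical.

```python
import ipaddress

MAX_AGE = 7 * 24 * 3600  # assumed lifetime before server-side clean-up (step 5)


class ReverseZone:
    """Toy in-memory reverse zone: owner name -> (PTR target, insert time)."""

    def __init__(self):
        self.records = {}

    @staticmethod
    def owner_for(source_ip):
        # ip6.arpa (or in-addr.arpa) name that corresponds to the sender's address
        return ipaddress.ip_address(source_ip).reverse_pointer + "."

    def try_insert(self, source_ip, owner, target, now):
        """Step 4: accept an unauthenticated PTR add only when the owner name
        is the reverse of the packet's source address and is still empty."""
        owner = owner.lower()
        if not owner.endswith("."):
            owner += "."
        if owner != self.owner_for(source_ip):
            return "REFUSED: owner name does not match source address"
        if owner in self.records:
            return "REFUSED: records already exist"
        self.records[owner] = (target, now)
        return "OK"

    def clean_up(self, now):
        """Step 5: hosts never delete; the server expires old entries."""
        stale = [o for o, (_, t) in self.records.items() if now - t > MAX_AGE]
        for owner in stale:
            del self.records[owner]
        return len(stale)


if __name__ == "__main__":
    # Constructed sample addresses from the 2001:db8::/32 documentation prefix.
    zone = ReverseZone()
    host = "2001:db8:1:2:a1b2:c3d4:e5f6:789"
    other = "2001:db8:1:2::53"
    name = ReverseZone.owner_for(host)
    print(zone.try_insert(host, name, "tmp-1.example.net.", now=0))
    print(zone.try_insert(host, name, "tmp-2.example.net.", now=10))
    print(zone.try_insert(other, name, "other.example.net.", now=20))
    print(zone.clean_up(now=MAX_AGE + 1), "record(s) expired")
```

Without the uRPF filtering of step 2) the source-address comparison proves nothing, since any host on the site could forge the address it claims to update from.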