[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DNS name creation [Was: Comments on multi6dt documents]

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: DNS name creation [Was: Comments on multi6dt documents]
From: Jeroen Massar <jeroen@unfix.org>
Date: Wed, 10 Nov 2004 17:32:29 +0100
Cc: multi6@ops.ietf.org
In-reply-to: <200411101616.iAAGGSSj093369@givry.rennes.enst-bretagne.fr>
Organization: Unfix
References: <200411101616.iAAGGSSj093369@givry.rennes.enst-bretagne.fr>

On Wed, 2004-11-10 at 17:16 +0100, Francis Dupont wrote:
> About DDNS and DNSSEC: they don't work well together because DDNS
> requires private (zone) keys are online to update signatures when
> DNSSEC works well and safer with offline keys.
> 
> Regards
> 
> Francis.Dupont@enst-bretagne.fr
> 
> PS: I locally solved this operational issue with a dedicated DDNS sub-zone.

I guess this is the solution used in most cases. Many people like the
format of their zones and ddns updates destroy the formatting of the
zones file (at least bind does this). Thus you make CNAMES from the main
zone to the subzone without bothering the clean zone. Isn't this part of
an RFC or BCP actually?

Greets,
 Jeroen

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: DNS name creation [Was: Comments on multi6dt documents]
  - From: Brian E Carpenter <brc@zurich.ibm.com>

References:
- Re: DNS name creation [Was: Comments on multi6dt documents]
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: Re: DNS name creation [Was: Comments on multi6dt documents]
Next by Date: RE: Comments on draft-ietf-multi6-v4-multihoming-02
Previous by thread: Re: DNS name creation [Was: Comments on multi6dt documents]
Next by thread: Re: DNS name creation [Was: Comments on multi6dt documents]
Index(es):
- Date
- Thread