Re: DNS name creation [Was: Comments on multi6dt documents]
On Wed, 10 Nov 2004, Erik Nordmark wrote:
That is,
1) require that the server be located at the same site as the updater
(relatively reasonable)
2) that hopefully some amount of address spoofing protection has been
deployed on the site: just uRPF on the subnet basis is sufficient
3) make the hosts add the rfc 3041 reverses directly to the zone, without
any security
4) the dns server allows such insertion only if there are no existing
records, and the update comes from the IP address corresponding to the
reverse record
5) the records don't need to be removed by the hosts, only by a clean-up
process by the server
Not perfect, there are certainly some corner cases here, but I guess this
should be at least sufficient to experiment with DDNS reverse insertions if
that was deemed to be useful.
So which RFC that contains the above should I add to the references
:-) :-)
:-) -- actually, I had been asking on dnsop whether the DNS update
specific issues should be split to a separate, new document (whether
informative or normatively referenced). That might allow them to be
analyzed and experimented a bit further.. maybe even documenting the
procedure described above :).
Unfortunately, the draft is already past the IESG, resolving Thomas's
concerns, (one of which was the length, though), so while it
definitely isn't too late for this -- if folks would see that as a
good thing -- it's still something I'd rather have started earlier.
But that's life :).
Seriously, I think it would make sense to start writing this down
with an eye to hosts which have multiple prefixes. Thus they want a
temporary name which has AAAA records for one IP address for each of
the prefixes. (The above procedure just handles a single AAAA record
per name, which isn't sufficient to solve the issue.)
A very important thing IMHO would be doing actual testing and
experimentation on this, which might also mean implementing some minor
features at the DNS server if needed.
Still, it would seem to be useful to try to experiment with this,
but this is a subject for another forum.
I know things in this space have been discussed in DHC in the past,
but is there a WG that should work on this?
Precisely. This clearly falls under the dnsop WG responsibility
(IMHO). It just requires that folks are interested in pursuing this
work.
If there are people who are interested in this -- particularly for
doing some actual testing etc. -- I'd suggest speaking up here, at
dnsop, or to me directly.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
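
The acceptance rules in points 1, 4 and 5 of the quoted procedure, sketched as an added example that is not part of the original message or of any DNS server's code. The `ReverseZone` class, the site prefix, the host names and the clean-up age are assumptions made for illustration.

```python
import ipaddress

SITE = ipaddress.ip_network("2001:db8:1::/48")  # constructed (documentation prefix)
MAX_AGE = 7 * 86400  # assumed clean-up age in seconds; the post names no value


class ReverseZone:
    """Toy in-memory ip6.arpa zone applying the acceptance rules in the post."""

    def __init__(self, site=SITE):
        self.site = site
        self.ptr = {}  # owner name -> (PTR target, time inserted)

    def update(self, src_ip, owner, target, now):
        src = ipaddress.ip_address(src_ip)
        owner = owner.rstrip(".").lower()
        # Point 1: the updater must be at the same site as the server.
        if src not in self.site:
            return "refused: source outside site"
        # Point 4: the update must come from the address the record is for.
        # This is only as strong as the spoofing protection of point 2 (uRPF),
        # which lives in the network and cannot be checked here.
        if src.reverse_pointer != owner:
            return "refused: source does not own this reverse name"
        # Point 4: insertion only when there are no existing records.
        if owner in self.ptr:
            return "refused: records already exist"
        self.ptr[owner] = (target, now)
        return "ok"

    def cleanup(self, now, max_age=MAX_AGE):
        # Point 5: hosts never delete; the server ages records out.
        stale = [o for o, (_, t) in self.ptr.items() if now - t > max_age]
        for o in stale:
            del self.ptr[o]
        return len(stale)


def demo():
    zone = ReverseZone()
    host, other = "2001:db8:1:10::abcd", "2001:db8:1:10::beef"  # constructed
    name = ipaddress.ip_address(host).reverse_pointer
    return [
        zone.update(host, name, "tmp-abcd.example.net.", now=0),   # first insert
        zone.update(host, name, "tmp-abcd.example.net.", now=1),   # repeat insert
        zone.update(other, name, "tmp-beef.example.net.", now=2),  # wrong source
        zone.update("2001:db8:2::1", name, "tmp-x.example.net.", now=3),  # off-site
        zone.cleanup(now=MAX_AGE + 1),
    ]
```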