PTR records for v6 hosts

Bjørn Mork bjorn at mork.no
Mon Aug 31 13:02:56 CEST 2009


Lionel Elie Mamane <lionel at mamane.lu> writes:
> On Mon, Aug 31, 2009 at 11:41:32AM +0200, Bjørn Mork wrote:
>> Ron Broersma <ron at spawar.navy.mil> writes:
>
>>> We wrote a tool that regularly polls the routers, grabs the ARP and
>>> ND tables (using appropriate snmp MIBs), looks for all the global
>>> unicast IPv6 addresses in the list, and then using their MAC
>>> address we map to the associated IPv4 address, then use that to
>>> look up the IPv4 PTR record in DNS, then use that to build an IPv6
>>> PTR record (...)
>
>> And does anyone have a proposal that would fit an ISP environment? Let's
>> say you use DHCP-PD to delegate a prefix to a customer, who is in full
>> control of his own "residential gateway" so you can't look up his
>> neighbour table.  What do you do?
>
> Well, given how few "residential gateway"s have a decent support for
> IPv6 anyway...

Oh, that's improving tremendously at the moment.  And both the BBF and
the IETF are working on IPv6 recommendations for these boxes.

>> - Delegate the reverse zone to the customer?  Most won't have a clue
>>   what to do with it.
>
> I can imagine that once IPv6 support has "settled in", that will be
> the standard solution, supported by most residential gateways.

Right.  Thanks for the idea.  I do have a few places where I can push
things like that.  This is maybe something for
http://www.ietf.org/id/draft-ietf-v6ops-ipv6-cpe-router-01.txt
?

It currently has

"
8.4.  DNS Support (CORE)

   For local DNS queries for configuration, the CPE Router may include a
   DNS server to handle local queries.  Non-local queries can be
   forwarded unchanged to a DNS server specified in the DNS server
   DHCPv6 option.  The local DNS server MAY also handle renumbering from
   the Service Provider provided prefix for local names used exclusively
   inside the home (the local AAAA and PTR records are updated).  This
   capability provides connectivity using local DNS names in the home
   after a Service Provider renumbering.
"

Which could easily be extended with a recommendation that the local DNS
server should provide authoritative service on the external interface
for any delegated prefixes.

However, this might be considered a security risk by some?

Another nice feature coupled with this might be a "dynamic DNS proxy"
for the forward records, where the RG could forward the AAAA
registration to some external dynamic DNS service.  Many CPEs include
this feature for IPv4, but that is limited to registering a single link
address on the WAN interface.  For IPv6 they would need to register the
addresses of any (locally registered) host on the inside.

But I still wonder how the ISP is supposed to know when and where to
delegate the reverse zone.  I wouldn't want to just blindly delegate it
and end up having lots of lame delegations around.  So I would have to
wait for the RG to answer queries before enabling the DNS delegation.
Which I guess would be at least a few seconds after the DHCP-PD
finished.

Or maybe just enable it blindly first, accepting some lame delegations
for a while, and do a periodical scan to find delegations which should
be disabled?  Hmm, I'm going to have about a million of those...  Need
to think about this for a while.


Bjørn
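As an added illustration (not code from the thread or from any CPE project), here is a Python sketch of the check described above: derive the ip6.arpa zone for a DHCP-PD prefix, ask the customer's RG directly for an authoritative SOA, and decide from the answer whether to enable or disable the delegation during a periodic scan. The hand-built UDP query and the server address are assumptions about the operator's tooling.

```python
import ipaddress
import socket
import struct

def reverse_zone(prefix: str) -> str:
    """ip6.arpa zone for a delegated prefix. Only nibble-aligned lengths
    (/48, /56, /60, /64, ...) map to a single zone; anything else is refused."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    hexdigits = net.network_address.exploded.replace(":", "")
    nibbles = hexdigits[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def build_soa_query(zone: str, qid: int = 0x1234) -> bytes:
    """Minimal DNS SOA/IN query, RD=0: we want the RG's own answer,
    not something it forwarded upstream."""
    header = struct.pack(">HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify(flags: int, ancount: int) -> str:
    """Only an authoritative (AA=1) NOERROR reply that carries an answer
    proves the RG serves the zone; REFUSED, NXDOMAIN or a non-AA
    forwarded reply all mean the delegation would be lame."""
    aa = (flags >> 10) & 1
    rcode = flags & 0xF
    if rcode == 0 and aa and ancount > 0:
        return "authoritative"
    return "lame"

def probe(zone: str, server: str, timeout: float = 2.0) -> str:
    """Send the SOA query to the customer's RG (assumed reachable on port 53)
    and classify the reply; a timeout is reported separately so the scan
    can retry instead of tearing down a delegation over a lost packet."""
    query = build_soa_query(zone)
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return "unreachable"
    qid, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    return classify(flags, ancount) if qid == 0x1234 else "lame"

def next_action(state: str, delegated: bool) -> str:
    """Periodic-scan policy: enable on proof of service, disable on a lame
    answer, leave an unreachable RG alone until the next scan."""
    if state == "authoritative" and not delegated:
        return "enable"
    if state == "lame" and delegated:
        return "disable"
    return "keep"
```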