PTR records for v6 hosts

Ron Broersma ron at spawar.navy.mil
Mon Aug 31 20:15:01 CEST 2009


On Aug 31, 2009, at 7:26 AM, Doug Barton wrote:

> Ron Broersma wrote:
>>
>> On Aug 30, 2009, at 8:42 AM, Seth Mattinen wrote:
>>
>>> I'm curious as to how everyone is doing PTR records in DNS for their v6
>>> hosts. Are you just letting autoconf hosts go without? Do you manually
>>> create one once you know what its autoconf address will be? Or do you
>>> use DHCP with a predefined pool that's easy to create a PTR range for?
>>
>> We wrote a tool that regularly polls the routers, grabs the ARP and ND
>> tables (using appropriate snmp MIBs), looks for all the global unicast
>> IPv6 addresses in the list, and then using their MAC address we map to
>> the associated IPv4 address, then use that to look up the IPv4 PTR
>> record in DNS, then use that to build an IPv6 PTR record and use dynamic
>> DNS update to update the zone (with various optimizations such as
>> caching, garbage collection, etc).
>
> Have you considered open-sourcing such a tool? I'm sure that a lot of
> people would find it very valuable.

Yes, that is the plan.  But we want to first make it a little more  
general purpose now that we have all the algorithms worked out, and  
clean up the code a bit, and provide various configuration options  
depending on site preferences.

>> That works well for us (dealing
>> with thousands of v6 hosts on our net), although there are challenges
>> with differences in how each vendor implements the v6 MIBs, and churn
>> from those horrible privacy/temporary addresses [RFCs 3041, 4941] (that
>> all Microsoft OS's enable by default).
>
> Personally I like my privacy, but I can see how it would be difficult
> to deal with. :)

I understand that many would prefer that level of privacy, but it  
creates serious problems for managed enterprise networks where  
stability of addresses and forensics capabilities are important.  If I  
had my way, I'd like to see another bit in the router advertisements  
(like the M & O bits) that says "do not use privacy addresses", or  
something like that, rather than having to convince all my users and  
sys admins to disable it manually on every Windows system.

--Ron
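
The correlation step described in this message (join the ND and ARP tables on MAC address, reuse the IPv4 PTR name, emit an IPv6 PTR update) can be sketched as follows. This is an added example, not the tool discussed in the thread: the tables are constructed sample data in place of SNMP polling and DNS lookups, all function and variable names are hypothetical, and the output is nsupdate-format lines rather than a live dynamic update.

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample data standing in for the SNMP poll and DNS lookups.
ARP_TABLE = {  # IPv4 address -> MAC
    "192.0.2.10": "00:11:22:33:44:55",
    "192.0.2.11": "00:11:22:33:44:66",
}
ND_TABLE = [  # (IPv6 address, MAC)
    ("2001:db8:0:1:211:22ff:fe33:4455", "00:11:22:33:44:55"),  # SLAAC, EUI-64
    ("2001:db8:0:1:a1b2:c3d4:e5f6:789", "00:11:22:33:44:55"),  # temporary address
    ("fe80::211:22ff:fe33:4455", "00:11:22:33:44:55"),         # link-local
    ("2001:db8:0:1:211:22ff:fe33:4466", "00:11:22:33:44:66"),  # host without v4 PTR
    ("2001:db8:0:1::99", "00:11:22:33:44:77"),                 # MAC absent from ARP
]
V4_PTR = {"10.2.0.192.in-addr.arpa": "host-a.example.com."}


def eui64_iid(mac):
    """Interface identifier that SLAAC derives from a MAC (modified EUI-64)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")


def build_ptr_updates(arp, nd, v4_ptr, ttl=3600):
    """Return (updates, skipped); each update is (nsupdate line, is_stable)."""
    mac_to_v4 = {mac.lower(): ip for ip, mac in arp.items()}
    updates, skipped = [], []
    for v6_text, mac in nd:
        v6 = ipaddress.IPv6Address(v6_text)
        if v6 not in GLOBAL_UNICAST:
            skipped.append((v6_text, "not global unicast"))
            continue
        v4 = mac_to_v4.get(mac.lower())
        if v4 is None:
            skipped.append((v6_text, "no IPv4 neighbour for MAC"))
            continue
        name = v4_ptr.get(ipaddress.IPv4Address(v4).reverse_pointer)
        if name is None:
            skipped.append((v6_text, "no IPv4 PTR"))
            continue
        # An interface ID not derived from the MAC is likely a temporary
        # address that will churn, so flag it for earlier garbage collection.
        stable = (int(v6) & (2**64 - 1)) == eui64_iid(mac)
        updates.append((f"update add {v6.reverse_pointer} {ttl} PTR {name}", stable))
    return updates, skipped
```

The `is_stable` flag separates EUI-64 addresses from the temporary addresses that cause the churn mentioned above, so a caller can expire the latter sooner while still keeping a record for forensics.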
