PTR records for v6 hosts

Doug Barton dougb at dougbarton.us
Mon Aug 31 20:19:54 CEST 2009 

Ron Broersma wrote:
> 
> On Aug 31, 2009, at 7:26 AM, Doug Barton wrote:
> 
>> Ron Broersma wrote:
>>>
>>> On Aug 30, 2009, at 8:42 AM, Seth Mattinen wrote:
>>>
>>>> I'm curious as to how everyone is doing PTR records in DNS for their v6
>>>> hosts. Are you just letting autoconf hosts go without? Do you manually
>>>> create one once you know what it's autoconf address will be? Or do you
>>>> use DHCP with a predefined pool that's easy to create a PTR range for?
>>>
>>> We wrote a tool that regularly polls the routers, grabs the ARP and ND
>>> tables (using appropriate snmp MIBs), looks for all the global unicast
>>> IPv6 addresses in the list, and then using their MAC address we map to
>>> the associated IPv4 address, then use that to look up the IPv4 PTR
>>> record in DNS, then use that to build an IPv6 PTR record and use dynamic
>>> DNS update to update the zone (with various optimizations such as
>>> caching, garbage collection, etc).
>>
>> Have you considered open-sourcing such a tool? I'm sure that a lot of
>> people would find it very valuable.
> 
> Yes, that is the plan.  But we want to first make it a little more
> general purpose now that we have all the algorithms worked out, and
> clean up the code a bit, and provide various configuration options
> depending on site preferences.

That sounds great! One word of free advice (worth just what you paid
for it of course), err on the side of releasing sooner than later.
Many a useful project has been stuck forever in the loop of "not quite
ready for other people to see yet."

>>> That works well for us (dealing
>>> with thousands of v6 hosts on our net), although there are challenges
>>> with differences in how each vendor implements the v6 MIBs, and churn
>>> from those horrible privacy/temporary addresses [RFCs 3041, 4941] that
>>> that all Microsoft OS's enable by default).
>>
>> Personally I like my privacy, but I can see how it would be difficult
>> to deal with. :)
> 
> I understand that many would prefer that level of privacy, but it
> creates serious problems for managed enterprise networks where stability
> of addresses and forensics capabilities are important.  If I had my way,
> I'd like to see another bit in the router advertisements (like the M & O
> bits) that says "do not use privacy addresses", or something like that,
> rather than having to convince all my users and sys admins to disable it
> manually on every Windows system.

Not that this is the forum, but if we were going to design something
like that I would prefer a flag that said 'use your "real" address on
the internal network, and a privacy address for the cloud' in the mix
somewhere.


Doug

More information about the ipv6-ops mailing list