IPv6 and DNS for the residential service provider

Jeroen Massar jeroen at unfix.org
Tue Sep 25 19:56:36 CEST 2012


On 2012-09-25 15:20 , Philipp Kern wrote:
> On Tue, Sep 25, 2012 at 03:10:02PM +0200, Jeroen Massar wrote:
>> On 2012-09-25 14:48, Bjørn Mork wrote:
>>> Jeroen Massar <jeroen at unfix.org> writes:
>>>> On 2012-09-25 11:44, Ole Trøan wrote:
>>>>> there is a recurring question being asked though... and that is "do
>>>>> we really need reverse DNS for IPv6?"
>>>> Yes, because IPv6 addresses look really ugly in 'who' output...
>>> Maybe.  But a little less ugly than any autogenerated name, IMHO.
>> One can generate them from a dictionary as we used to have for
>> Takeover.nl back in the day, but of course that means that at one point
>> you run out of words when somebody attacks your scanner.
> 
> And how do they remain stable so that they still convey a meaning to the
> observer? (Which seems to have been your argument in the first place. Please
> correct me if I misunderstood you.)

You register them, first time, first see.

Simple algo in the DNS server:

 if (query ends in .auto.example.net)
 {
     answer = lookup_name(query);
     if (answer) return answer;
     return NXDOMAIN;
 }
 if (query ends in 8.b.d.0.1.0.0.2.ip6.arpa)
 {
     addr = reverse_to_addr(query);

     answer = lookup_addr(addr);
     if (answer) return answer;

     /* Check if address was ever really alive */
     if (!addr_ever_alive(addr)) return NXDOMAIN;

     /* Pick new name from dictionary */
     name = pickfromdictionary();
     register(addr, name, expiry_in_5_weeks);
     return name;
 }

 return NXDOMAIN;

>> Indeed if the reverse is based on the address it will be ugly too,
>> though it would have a little value as the domain they are put under
>> would indicate the ISP/organization (which can be found with whois
>> likely too though).
> 
> That's my point why we don't necessarily need it.

I don't see your point.

Whois is for CONTACT and allocation information and typically is badly
filled in (just check how many /32s do not have a single inet6num below
them). Reverse is for identifying single hosts.

Different problems need different solutions.

Greets,
 Jeroen
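
The register-on-first-sight scheme from the message above, as an added Python example that is not part of the original post. It shows why the "ever alive" check matters: a sweep of unused addresses consumes no dictionary words. The class name, the alive set (assumed to be fed from ND/DHCPv6 observations) and the in-order word pick are assumptions.

```python
import ipaddress

ZONE = "auto.example.net"                # forward zone named in the message
REV_ZONE = "8.b.d.0.1.0.0.2.ip6.arpa"    # reverse zone named in the message
LEASE = 5 * 7 * 24 * 3600                # "expiry_in_5_weeks", in seconds

def reverse_to_addr(qname):
    """Turn a full 32-nibble ip6.arpa name into an IPv6Address, else None."""
    nibbles = qname[: -len(".ip6.arpa")].split(".")
    if len(nibbles) != 32 or any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

class AutoNamer:
    def __init__(self, words, alive):
        self.free = list(words)   # dictionary words not handed out yet
        self.alive = alive        # assumed: addresses seen alive (e.g. from ND/DHCPv6 logs)
        self.by_addr = {}         # IPv6Address -> (name, expiry time)
        self.by_name = {}         # name -> IPv6Address

    def expire(self, now):
        """Drop registrations past their expiry and recycle their words."""
        for addr, (name, expiry) in list(self.by_addr.items()):
            if expiry <= now:
                del self.by_addr[addr], self.by_name[name]
                self.free.append(name.split(".")[0])

    def query(self, qname, now):
        """Return the answer for qname, or None for NXDOMAIN."""
        qname = qname.rstrip(".").lower()
        self.expire(now)
        if qname.endswith("." + ZONE):
            return self.by_name.get(qname)
        if not qname.endswith("." + REV_ZONE):
            return None
        addr = reverse_to_addr(qname)
        if addr is None:
            return None
        if addr in self.by_addr:
            return self.by_addr[addr][0]          # stable: first name sticks
        if addr not in self.alive or not self.free:
            return None                           # never alive, or dictionary empty
        name = self.free.pop(0) + "." + ZONE      # deterministic pick (assumption)
        self.by_addr[addr] = (name, now + LEASE)
        self.by_name[name] = addr
        return name
```

Without the alive check, every PTR query in a sweep would register a word, and the dictionary would be empty long before a real host asked for a name.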


