IPv6 and DNS for the residential service provider
Grant Moritz
sectorx4 at gmail.com
Tue Sep 25 08:56:46 CEST 2012
Heres how it was done at my place or work by one of our engineers.
http://users.on.net/~rmibus/pymds/
On Tuesday, September 25, 2012, Marco d'Itri wrote:
> On Sep 25, Tony Finch <dot at dotat.at <javascript:;>> wrote:
>
> > > With BIND you can easily limit non-authenticated updates to the IP
> > > itself or to the network. This is not perfect, but it may be good
> enough
> > > for consumer networks.
> > In particular the tcp-self option is relatively tricky to spoof.
> >
> ftp://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies
> It is provably impossible to spoof if your network is designed correctly
> (customers are not able to spoof other customers and no packets from
> your own address space are accepted from the outside).
> The problem with self-ip authorization is that on multiuser systems
> any unautorized non-priviledged user could change the rDNS unless
> precations (UID-based filtering) are taken.
> But I believe that this is a reasonable tradeoff for consumer networks.
>
> --
> ciao,
> Marco
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20120925/6ac1ce8b/attachment.htm>
More information about the ipv6-ops
mailing list