IPv6 and DNS for the residential service provider
Jeroen Massar
jeroen at unfix.org
Tue Sep 25 19:56:36 CEST 2012
On 2012-09-25 15:20 , Philipp Kern wrote:
> On Tue, Sep 25, 2012 at 03:10:02PM +0200, Jeroen Massar wrote:
>> On 2012-09-25 14:48, Bjørn Mork wrote:
>>> Jeroen Massar <jeroen at unfix.org> writes:
>>>> On 2012-09-25 11:44, Ole Trøan wrote:
>>>>> there is a recurring question being asked though... and that is "do
>>>>> we really need reverse DNS for IPv6?"
>>>> Yes, because IPv6 addresses look really ugly in 'who' output...
>>> Maybe. But a little less ugly than any autogenerated name, IMHO.
>> One can generate them from a dictionary as we used to have for
>> Takeover.nl back in the day, but of course that means that at one point
>> you run out of words when somebody attacks your scanner.
>
> And how do they remain stable so that they still convey a meaning to the
> observer? (Which seems to have been your argument in the first place. Please
> correct me if I misunderstood you.)
You register them, first time, first see.

Simple algo in the DNS server:

    if (query ends in .auto.example.net)
    {
        answer = lookup_name(query);
        if (answer) return answer;
        return NXDOMAIN;
    }

    if (query ends in 8.b.d.0.1.0.0.2.ip6.arpa)
    {
        addr = reverse_to_addr(query);
        answer = lookup_addr(addr);
        if (answer) return answer;

        /* Check if address was ever really alive */
        if (!addr_ever_alive(addr)) return NXDOMAIN;

        /* Pick new name from dictionary */
        name = pickfromdictionary();
        register(addr, name, expiry_in_5_weeks);
        return name;
    }

    return NXDOMAIN;

>> Indeed if the reverse is based on the address it will be ugly too,
>> though it would have a little value as the domain they are put under
>> would indicate the ISP/organization (which can be found with whois
>> likely too though).
>
> That's my point why we don't necessarily need it.
I don't see your point.

Whois is for CONTACT and allocation information and typically is badly
filled in (just check how many /32s do not have a single inet6num below
them). Reverse is for identifying single hosts.

Different problems need different solutions.

Greets,
Jeroen
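
The "simple algo" from the message above, as an added Python sketch (not part of the original message and not taken from any real DNS server). It shows why the "ever alive" check matters: a name is only handed out for an address the network has really seen, so queries for arbitrary addresses cannot drain the dictionary. Assumptions: the class and attribute names are hypothetical, the prefix 2001:db8::/32 is derived from the 8.b.d.0.1.0.0.2.ip6.arpa suffix, and returning expired words to the dictionary is a choice made here.

```python
import ipaddress

PREFIX = ipaddress.ip_network("2001:db8::/32")  # 8.b.d.0.1.0.0.2.ip6.arpa
TTL = 5 * 7 * 24 * 3600                         # "expiry_in_5_weeks", in seconds

def reverse_to_addr(qname):
    """Parse a full 32-nibble ip6.arpa name into an IPv6Address, else None."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in labels[:32]):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(labels[:32])), 16))

class AutoReverse:
    def __init__(self, words, zone="auto.example.net"):
        self.free = list(words)  # dictionary words not yet handed out
        self.zone = zone
        self.by_addr = {}        # addr -> (name, expiry timestamp)
        self.by_name = {}        # name -> addr, serves the forward zone
        self.alive = set()       # addresses actually seen on the network (assumed feed)

    def expire(self, now):
        for addr, (name, exp) in list(self.by_addr.items()):
            if exp <= now:
                del self.by_addr[addr]
                del self.by_name[name]
                self.free.append(name.split(".")[0])  # recycle the word

    def ptr(self, qname, now):
        """Answer a PTR query; None stands for NXDOMAIN."""
        addr = reverse_to_addr(qname)
        if addr is None or addr not in PREFIX:
            return None
        self.expire(now)
        if addr in self.by_addr:
            return self.by_addr[addr][0]
        # Never-seen address, or dictionary exhausted: register nothing.
        if addr not in self.alive or not self.free:
            return None
        name = f"{self.free.pop(0)}.{self.zone}"
        self.by_addr[addr] = (name, now + TTL)
        self.by_name[name] = addr
        return name

    def aaaa(self, qname):
        """Answer a forward query under the auto zone; None stands for NXDOMAIN."""
        return self.by_name.get(qname.lower().rstrip("."))
```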