IPv6 and DNS for the residential service provider
Leegaard, Lasse
lasse at intl.att.com
Tue Sep 25 23:59:07 CEST 2012
> People who enable privacy extensions do not want reverse DNS.
>
> People who want reverse DNS disable privacy extensions, as those
> people already realize that organizations that track do it with
> different methods (the /64 it is from, the /48 it is from or cookies and
> lots of other ways they already track people behind vast NATs, e.g. behavior etc).
>
> Greets,
> Jeroen
For IPv4 some providers do generic hostnames for all the v4 space that does not have a specific reverse DNS entry assigned (like generic-hostname-034-dsl201.provider.com). This is doable in v4 because of the low amount of addresses.
That means that if you don't do anything you have reverse DNS and some things are speedier because of it - and some show commands are definitely prettier because they do not show an IP address. For IPv6 this last item becomes more of an issue.
Personally I'd like to see a behavior for IPv6 along the lines of:
- When I get a /48 or /56 for my CPE my provider would resolve everything from that /48 or /56 into something like generic-hostname-74B5-dsl.provider.com (the number could be anything - subnet number within their /32, customer ID, next ID in line.)
- If I want to make entries for specific servers or machines I can make those. If I want to use privacy extensions I can do that.
- It can be further distilled into making a generic reverse resolution per /64
- Naturally I'd want to be able to change all things on the self service portal - but that is a bit beside the general point.
I guess I am looking for a DNS server that can do a wildcard reverse resolution that can be overridden with more specific subnet and hosts entries.
Does anyone know of a DNS server that can do this? Or one that would be able to do it with relatively little effort?
Oh and if we could please stop using the reverse dot notation in the config files that would be great too. The long unreadable file names for IPv6 are ridiculous. If anyone has a time machine can we please use it to go back in time and fix this?!
--
Lasse Leegaard
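
Added example, not part of the original message: a sketch of the lookup behaviour asked for above, where a per-customer default PTR name is overridden by more specific /64 and host entries, with the table kept in forward notation and the ip6.arpa name derived from it. The 2001:db8::/32 documentation prefix, the names other than the generic one quoted in the message, and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample table, written in forward notation (no reversed nibbles).
PTR_TABLE = {
    ipaddress.ip_network("2001:db8:74b5::/48"): "generic-hostname-74B5-dsl.provider.com.",
    ipaddress.ip_network("2001:db8:74b5:10::/64"): "lan10-74B5-dsl.provider.com.",
    ipaddress.ip_network("2001:db8:74b5:10::25/128"): "mail-74B5-dsl.provider.com.",
}

def reverse_name(addr):
    """Derive the ip6.arpa owner name from an address in normal notation."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def addr_from_qname(qname):
    """Parse a PTR query name back into an address; None if it is malformed."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def resolve_ptr(addr, table=PTR_TABLE):
    """Longest-prefix match: host entry beats /64 entry beats the /48 default."""
    ip = ipaddress.IPv6Address(addr)
    matches = [net for net in table if ip in net]
    if not matches:
        return None  # outside every delegated prefix: no synthesized answer
    return table[max(matches, key=lambda net: net.prefixlen)]

def answer_ptr(qname, table=PTR_TABLE):
    """What a synthesizing server would return for a PTR query name."""
    ip = addr_from_qname(qname)
    return None if ip is None else resolve_ptr(ip, table)

if __name__ == "__main__":
    for a in ("2001:db8:74b5:10::25", "2001:db8:74b5:10::26",
              "2001:db8:74b5:99:1234:5678:9abc:def0", "2001:db8:ffff::1"):
        print(a, "->", answer_ptr(reverse_name(a)))
```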