Hello,
Since 2005, we are manually managing a /48 IPv6 prefix with a homemade
software, our reverse zone is x.x.x.x.0.6.6.0.1.0.0.2.ip6.arpa.
We are now deploying dynamic/private networks for our workstations and
to keep the IPv6 reverse zone up-to-date without rewriting our software,
we came with the following solution : we create a /64 zone within the
/48 and we allow dynamic updates on it (e.g.
0.0.1.0.x.x.x.x.0.6.6.0.1.0.0.2.ip6.arpa.).
The PTR records on the dynamic /64 are for workstations, we don't do
delegation with the /48 and so the /64 is not visible on our external
view, this keeps our "private" prefix private.
As far as our software won't create PTR on a dynamic /64 and that the
DHCP server isn't allowed to update the /48, is this setup can be
considered safe?
It's working exactly as expected and I'm about to create dozens of /64
IPv6 reverse zones, so I'm checking here in case I forgot something.
Regards,
Nicolas
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
