Re: automatic reverse and forwarding zones

Thu, 27 Oct 2022 12:10:18 -0700 

On 10/27/22 11:23 AM, Marco wrote:

It isn't, because a customer gets /48 or /56 in most cases.


"For example one of their clients has the IP 2001:db::3." is a singular IP.


The customer's router can use various methods to assign addresses, auto 
configuration and DHCPv6.


Agreed.

However that's contrary to the example in your original message.


If the ISP wants to provide reverse zone for all possible addresses 
(ISP doesn't know which one of the assigned are used by the customer), 
it must have all reverse zones on their zone file or dynamically 
create them when a DNS server receives a request.



As others have indicated, populating reverse zone file(s) with 
2^(128-48) records is a non-starter and tantamount to a DoS.



The ISP could delegate the /48 if it was to another provider that ran 
their own DNS server.  But that's not likely the scenario with Prefix 
Delegation.



/If/ I needed to populate any significant portion of an ip6.arpa zone I 
would probably look at seeing if I could leverage Dynamically Loadable 
Zones [1] & [2] to pull content from an external ""database on an 
as-needed basis.



I've glanced at DLZ a handfull of times but have never used it.  Every 
time that I do, I gravitate towards the Stub (sample) [3] and wonder if 
I can (ab)use it to create something that will allow me to run a command 
(program / script / etc.) that will create synthetic records w/o needing 
to populate them in a database.



N.B. I consider DLZ to be for BIND to be much like the Milter API is for 
Sendmail / Postfix; e.g. a way to call out to something else to do 
something with the request.



Aside:  I do question what you would populate the /48 ~ /56 ip6.arpa 
zone with.  What hypothetical data would you put in it?  If it's PD to 
an end user, what information would the ISP put in there that wouldn't 
be confidential or potentially reveal that any and all IPs in that 
prefix belong to a customer w/o also identifying the customer?


[1] https://kb.isc.org/docs/aa-00995
[2] https://bind-dlz.sourceforge.net/
[3] https://bind-dlz.sourceforge.net/stub_driver.html



--
Grant. . . .
unix || die




Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users























					Reply via email to