Subject: Re: [renum] [DNSOP] Dynamic DNS Update Deployment?? Date: Tue, Aug 16, 2011 at 08:19:21AM +1200 Quoting Brian E Carpenter (brian.e.carpen...@gmail.com): > On 2011-08-16 05:55, Ted Lemon wrote: > > On Aug 15, 2011, at 1:26 AM, Leo Liu(bing) wrote: > > Thanks for the info, that's quite helpful. So can we assume that > > Windows-based DNS systems have been widely deployed rfc3007? > > > > This is kind of a bizarre conversation. DDNS use is widespread in > > environments that support DHCPv4, although it is by no means pervasive. > > It's not a Windows thing—it's generally done by DHCP servers, not DHCP > > clients. DNS update by clients is somewhat rare, although it is supported > > by Windows. Unfortunately Apple has chosen not to support it, but in > > practice it's not important because key distribution for DNS updates is > > such a big problem that it usually doesn't make sense to do it from end > > nodes—only from servers. > > In the context of the 6renum WG, that is a very important point. > We need to figure out the best way to automate the DNS > consequences of adding a new IPv6 prefix, or removing an old > one, in all or part of an enterprise network. So we need to > understand how it interacts with DHCPv6. Basically I think > you're saying that in real life we can't expect end hosts to be > responsible for their own DNS updates when renumbered, because > that requires an unreasonable key distribution mechanism.
Unless that's been taken care of -- the Active Directory model does work. And, since the authority for forward and reverse may vary, forward updates is better dealt with by the client (think mobile client that wants its domain name with any IP address), while reverse is best performed by the address authority, ie. DHCP(v6) server. The paper/how-to that came out of a RIPE meeting workshop some years ago details this division of work quite nicely. http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 Give them RADAR-GUIDED SKEE-BALL LANES and VELVEETA BURRITOS!!
signature.asc
Description: Digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
