On Aug 15, 2011, at 1:19 PM, Brian E Carpenter wrote: We need to figure out the best way to automate the DNS consequences of adding a new IPv6 prefix, or removing an old one, in all or part of an enterprise network. So we need to understand how it interacts with DHCPv6. Basically I think you're saying that in real life we can't expect end hosts to be responsible for their own DNS updates when renumbered, because that requires an unreasonable key distribution mechanism.
End hosts that use Kerberos do have a key distribution model that works, and I _think_ there's an RFC that describes how to do that, but I may be mistaken—it's not really my department. I'd like to see the key problem solved, but as it stands I think Active Directory is the only system that really has it solved.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
