In message <20110815203453.gh26...@besserwisser.org>, Måns Nilsson writes:
> Subject: Re: [renum] [DNSOP] Dynamic DNS Update Deployment?? Date: Tue, Aug 16, 2011 at 08:19:21AM +1200 Quoting Brian E Carpenter (brian.e.carpenter@gmail.com):
> > On 2011-08-16 05:55, Ted Lemon wrote:
> > > On Aug 15, 2011, at 1:26 AM, Leo Liu(bing) wrote:
> > > Thanks for the info, that's quite helpful. So can we assume that Windows-based DNS systems have been widely deployed rfc3007?
> > >
> > > This is kind of a bizarre conversation. DDNS use is widespread in environments that support DHCPv4, although it is by no means pervasive. It's not a Windows thing—it's generally done by DHCP servers, not DHCP clients. DNS update by clients is somewhat rare, although it is supported by Windows. Unfortunately Apple has chosen not to support it, but in practice it's not important because key distribution for DNS updates is such a big problem that it usually doesn't make sense to do it from end nodes—only from servers.

Apple supports TSIG updates. It's just not on by default.

http://docs.info.apple.com/article.html?path=Mac/10.6/en/27452.html

It also doesn't work when hotels decide that they need to intercept the DNS.

> > In the context of the 6renum WG, that is a very important point.
> > We need to figure out the best way to automate the DNS
> > consequences of adding a new IPv6 prefix, or removing an old
> > one, in all or part of an enterprise network. So we need to
> > understand how it interacts with DHCPv6. Basically I think
> > you're saying that in real life we can't expect end hosts to be
> > responsible for their own DNS updates when renumbered, because
> > that requires an unreasonable key distribution mechanism.
>
> Unless that's been taken care of -- the Active Directory model does
> work. And, since the authority for forward and reverse may vary, forward updates
> is better dealt with by the client (think mobile client that wants its
> domain name with any IP address), while reverse is best performed by
> the address authority, ie. DHCP(v6) server. The paper/how-to that came
> out of a RIPE meeting workshop some years ago details this division of
> work quite nicely.
>
> http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html
>
> --
> Måns Nilsson primary/secondary/besserwisser/machina
> MN-1334-RIPE +46 705 989668
> Give them RADAR-GUIDED SKEE-BALL LANES and VELVEETA BURRITOS!!

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
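
The key distribution problem raised in this thread follows from TSIG being a shared-secret scheme: every host that sends its own update needs a key that the server also holds. The Python sketch below is an added illustration, not code from the thread or from any poster; the key name, secret, zone and address are constructed, and the TSIG fields are passed as arguments instead of being parsed from a TSIG record.

```python
import hashlib, hmac, struct

ALGORITHM = "hmac-sha256."

def wire_name(name):
    """Uncompressed, lowercased DNS wire encoding of a domain name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(msg_id, zone, host, aaaa, ttl=300):
    """RFC 2136 UPDATE: opcode 5, one zone entry, one AAAA record to add."""
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 1, 0)
    zone_entry = wire_name(zone) + struct.pack("!HH", 6, 1)  # type SOA, class IN
    record = wire_name(host) + struct.pack("!HHIH", 28, 1, ttl, len(aaaa)) + aaaa
    return header + zone_entry + record

def tsig_mac(secret, message, key_name, signed_at, fudge=300):
    """HMAC over the message plus the TSIG variables (RFC 2845 section 3.4)."""
    variables = (wire_name(key_name) + struct.pack("!HI", 255, 0)  # class ANY, TTL 0
                 + wire_name(ALGORITHM)
                 + struct.pack("!HIH", signed_at >> 32, signed_at & 0xFFFFFFFF, fudge)
                 + struct.pack("!HH", 0, 0))  # error, other-data length
    return hmac.new(secret, message + variables, hashlib.sha256).digest()

def server_check(keyring, message, key_name, signed_at, mac, now, fudge=300):
    """Server-side checks in the order of RFC 2845 section 4.5: key, MAC, time."""
    secret = keyring.get(key_name.lower())
    if secret is None:
        return "BADKEY"   # no shared secret was ever distributed for this name
    expected = tsig_mac(secret, message, key_name, signed_at, fudge)
    if not hmac.compare_digest(mac, expected):
        return "BADSIG"   # wrong secret, or message altered in transit
    if abs(now - signed_at) > fudge:
        return "BADTIME"  # outside the allowed clock skew, possible replay
    return "NOERROR"

# Constructed sample data: the server holds one secret per updating host.
KEYRING = {"laptop17.example.com.": b"constructed-secret-for-laptop17"}
NOW = 1313440000
UPDATE = build_update(0x1A2B, "example.com.", "laptop17.example.com.",
                      bytes.fromhex("20010db8000000000000000000000017"))

if __name__ == "__main__":
    key = "laptop17.example.com."
    mac = tsig_mac(KEYRING[key], UPDATE, key, NOW)
    print(server_check(KEYRING, UPDATE, key, NOW, mac, NOW))
```

A host whose key is not in the server's keyring gets BADKEY, which is the per-host provisioning cost the posters are weighing against having the DHCP server send the updates.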