In message <20110815203453.gh26...@besserwisser.org>, Måns Nilsson writes:
> Subject: Re: [renum] [DNSOP] Dynamic DNS Update Deployment?? Date: Tue, Aug 16, 2011 at 08:19:21AM +1200 Quoting Brian E Carpenter (brian.e.carpenter@gmail.com):
> > On 2011-08-16 05:55, Ted Lemon wrote:
> > > On Aug 15, 2011, at 1:26 AM, Leo Liu(bing) wrote:
> > > Thanks for the info, that's quite helpful. So can we assume that Windows-based DNS systems have been widely deployed rfc3007?
> > >
> > > This is kind of a bizarre conversation. DDNS use is widespread in environments that support DHCPv4, although it is by no means pervasive. It's not a Windows thing—it's generally done by DHCP servers, not DHCP clients. DNS update by clients is somewhat rare, although it is supported by Windows. Unfortunately Apple has chosen not to support it, but in practice it's not important because key distribution for DNS updates is such a big problem that it usually doesn't make sense to do it from end nodes—only from servers.

Apple supports TSIG updates.  It's just not on by default.

http://docs.info.apple.com/article.html?path=Mac/10.6/en/27452.html

It also doesn't work when hotels decide that they need to intercept
the DNS.

> > In the context of the 6renum WG, that is a very important point.
> > We need to figure out the best way to automate the DNS
> > consequences of adding a new IPv6 prefix, or removing an old
> > one, in all or part of an enterprise network. So we need to
> > understand how it interacts with DHCPv6. Basically I think
> > you're saying that in real life we can't expect end hosts to be
> > responsible for their own DNS updates when renumbered, because
> > that requires an unreasonable key distribution mechanism.
> 
> Unless that's been taken care of -- the Active Directory model does
> work. And, since the authority for forward and reverse may vary, forward updates
> is better dealt with by the client (think mobile client that wants its
> domain name with any IP address), while reverse is best performed by
> the address authority, ie. DHCP(v6) server. The paper/how-to that came
> out of a RIPE meeting workshop some years ago details this division of
> work quite nicely.
> 
> http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html
> 
> -- 
> Måns Nilsson     primary/secondary/besserwisser/machina
> MN-1334-RIPE                             +46 705 989668
> Give them RADAR-GUIDED SKEE-BALL LANES and VELVEETA BURRITOS!!
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
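
The division of work described in the quoted text above (the client updates its own forward records, the DHCP(v6) server updates reverse records), written as a per-key update policy. This is an added example, not part of the original messages; the choice of BIND 9 `named.conf` syntax, the key names, the zone names, the file names and the placeholder secrets are all assumptions.

```conf
// Constructed example. Each TSIG key is scoped so that a leaked key can
// only change the records its holder is responsible for.

// Key held by one end host (hypothetical name). Replace the secret with a
// real base64 value generated for this host only.
key "laptop1.example.com." {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET-FOR-LAPTOP1";
};

// Key held by the DHCP(v6) server, the address authority (hypothetical name).
key "dhcp1.example.com." {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET-FOR-DHCP1";
};

// Forward zone: the client key may update only the name equal to its own
// key name, and only address records.
zone "example.com" {
    type master;
    file "example.com.db";
    update-policy {
        grant laptop1.example.com. self laptop1.example.com. A AAAA;
    };
};

// Reverse zone for the documentation prefix 2001:db8::/32: only the DHCP
// server key may update, and only PTR records. A renumbering event that
// adds a prefix needs a matching reverse zone with the same grant.
zone "8.b.d.0.1.0.0.2.ip6.arpa" {
    type master;
    file "2001-db8.rev.db";
    update-policy {
        grant dhcp1.example.com. subdomain 8.b.d.0.1.0.0.2.ip6.arpa. PTR;
    };
};
```

With this layout the client key cannot touch reverse data or other hosts' names, and the DHCP server key cannot rewrite forward records.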
