On 2011-08-16 14:12, Sheng Jiang wrote:
>> -----Original Message-----
>> From: renum-boun...@ietf.org [mailto:renum-boun...@ietf.org] On Behalf
>> Of Brian E Carpenter
>> Sent: Tuesday, August 16, 2011 4:19 AM
>> To: Ted Lemon
>> Cc: dnsop@ietf.org; Måns Nilsson; re...@ietf.org
>> Subject: Re: [renum] [DNSOP] Dynamic DNS Update Deployment??
>>
>> On 2011-08-16 05:55, Ted Lemon wrote:
>>> On Aug 15, 2011, at 1:26 AM, Leo Liu(bing) wrote:
>>> Thanks for the info, that's quite helpful. So can we assume that
>>> Windows-based DNS systems have been widely deployed rfc3007?
>>>
>>> This is kind of a bizarre conversation. DDNS use is widespread in
>>> environments that support DHCPv4, although it is by no means pervasive.
>>> It's not a Windows thing—it's generally done by DHCP servers, not DHCP
>>> clients. DNS update by clients is somewhat rare, although it is
>>> supported by Windows. Unfortunately Apple has chosen not to support
>>> it, but in practice it's not important because key distribution for DNS
>>> updates is such a big problem that it usually doesn't make sense to do
>>> it from end nodes—only from servers.
>>
>> In the context of the 6renum WG, that is a very important point.
>> We need to figure out the best way to automate the DNS
>> consequences of adding a new IPv6 prefix, or removing an old
>> one, in all or part of an enterprise network. So we need to
>> understand how it interacts with DHCPv6. Basically I think
>> you're saying that in real life we can't expect end hosts to be
>> responsible for their own DNS updates when renumbered, because
>> that requires an unreasonable key distribution mechanism.
>
> There is another mechanism that can work out: in the renumbering case, renumbered
> end-hosts need to register (we are now defining this in the DHC WG) their new
> addresses with a registration server, which can be the DHCPv6 server. After that, it
> is the DHCPv6 server's work to update the corresponding DNS records. This can be
> completed using the existing protocols.

As long as that process is at least as secure as DNSSEC, so that
DNSSEC is not compromised, that is certainly an alternative.

However, it makes DHCPv6 mandatory for automatic renumbering. That
may be a "political" decision as well as a technical one.

   Brian