
Re: IPv6 and Dynamic DNS



Terry,

It is trivial for anyone in the path to reply with a packet before one
of the real nameservers does, and put any content they want in it. This is
one of the main reasons for the entire DNSSEC effort. It's a feature of
the current DNS design, so looking to it for security is just bad.

Second, the problem with dealing with dynamic update of both the forward
and reverse records is that they have dramatically different ownership
models. My name belongs to me, but the IP address belongs to the DHCP
server. So do I give the DHCP server proxy rights to update my name (bad),
give me the proxy rights to update the reverse (worse), have two
independent actions that are not guaranteed to be in synch (bad) or
punt one of the directions (bad).

Discussing this without bringing folks from the DHCP group in is probably
not a completely useful use of bandwidth. I know they have discussed this
issue many times and need to be part of any final solution.

jerry