Re: IPv6 and Dynamic DNS
>If a guest machine auto-configures on some net, it will presumably
>have a key that gives it authority to update its forward address
>record. This could be a TSIG secret key shared with the primary
>server of its forward name zone, but, since this is an infrequent
>operation so efficiency is not that important, I would think the
>higher security of using a public key and signing the update of the
>forward address RR(s) with a SIG is the way to go. Or, of course, you
>can just use TKEY to set up a temporary TSIG key securely based on the
>public key although this adds at least one round trip.
which makes sense, and i was about to come up with that. :)
>Now we get to updating the inverse zone. There is basically the
>non-crypto and the crypto way of going about it.
(hoping that i'm not just summarizing an earlier posting) presumably
the dhcp server would have authority (via a shared key, etc.) to
update the inverse zone...
given that, if, once the mobile host (a) has acquired an address and
(b) has updated its forward zone, could it not then tell the dhcp
server what it wanted its name to be? then the dhcp server could
check for the forward mapping to see if it matched the address it just
handed out, and, upon a match, update the reverse.
of course...it might involve a little cache busting on the part of the
dhcp server's forward query if the mobile host is moving around a lot.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
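
The forward-confirmation check proposed in this message, sketched as an added example that is not part of the original post: the DHCP server only produces a reverse (PTR) update when the name the host claims already resolves to the address that was leased. The zone data, host names and the `lookup_aaaa` helper are constructed for illustration; a real server would query the forward zone's authoritative server directly (to avoid the stale-cache problem mentioned above) and send the resulting record as an authenticated dynamic update.

```python
import ipaddress

# Constructed forward-zone data standing in for an uncached AAAA query
# against the authoritative server of the host's forward zone.
FORWARD_ZONE = {
    "laptop.example.org.": ["2001:db8:0:1::42"],
    "printer.example.org.": ["2001:db8:0:1::99"],
}


def lookup_aaaa(name):
    """Hypothetical resolver hook: return the AAAA strings for name."""
    return FORWARD_ZONE.get(name, [])


def normalize(name):
    """Lower-case the name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def reverse_update_for(leased_addr, claimed_name, resolver=lookup_aaaa):
    """Return (owner, 'PTR', target) if the forward mapping confirms the
    claim, or None if the reverse zone must not be touched."""
    leased = ipaddress.ip_address(leased_addr)
    fqdn = normalize(claimed_name)

    # Compare parsed addresses, not strings, so that different textual
    # spellings of the same IPv6 address still match.
    forward = set()
    for text in resolver(fqdn):
        try:
            forward.add(ipaddress.ip_address(text))
        except ValueError:
            continue  # ignore malformed answers instead of trusting them

    if leased not in forward:
        # The host is claiming a name whose forward record it could not
        # (or did not) update: refuse to point the reverse entry at it.
        return None

    return (leased.reverse_pointer + ".", "PTR", fqdn)


if __name__ == "__main__":
    print(reverse_update_for("2001:db8:0:1::42", "laptop.example.org"))
    print(reverse_update_for("2001:db8:0:1::42", "printer.example.org"))
```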