
Re: RFC2136 and IP address ownership




Hello Alper,

I have CC-ed namedroppers on my reply. There is quite some collective history there.

My "no-hats" reply is below, I am sure there are colleagues that will correct me when I am wrong.

--Olaf

On Dec 5, 2005, at 23:22 , Alper Yegin wrote:

> Dear DNSEXT WG chairs,
>
> As part of the Mobile IPv6 Bootstrapping solution (*), the MIP6 WG is discussing the “IP address ownership” issue around the use of RFC2136.
>
> When an IP address is dynamically assigned to a mobile node, there needs to be a dynamic update to the DNS using RFC2136.
>
> We’d like to ask your and the DNS community’s opinion on one thing though: the IP address ownership issue.
>
> Isn’t a client registering some other node’s IP address as its own via RFC2136 an issue? RFC2136 does not seem to care about this “IP address ownership” issue. Was this ever considered? Is there any new work/discussions on this matter?
>
> Regards,
>
> Alper
>
> (*)
>
> http://ietf.org/internet-drafts/draft-ietf-mip6-bootstrap-ps-03.txt
>
> http://ietf.org/internet-drafts/draft-ietf-mip6-bootstrapping-split-01.txt



First an aside, "IP-ownership" is tricky terminology. The DHCP community uses the term "lease" which, IMHO, better reflects that an IP assignment is not for infinity.

In general the DNS allows maintenance of certain zones to be delegated for technical managerial responsibility (which name servers serve the zone, reflected in the NS RR set) as well as the responsibility for the zone's content (reflected through the SOA RR).

The "content manager" is responsible for the content of the zone and will therefore need to grant certain parties the authority to update the (reverse) DNS.

RFC2136 provides a hook for a client that has been granted authority to update content to actually add, delete and modify using the DNS protocol. RFC2136 uses "Primary Master" to describe which of the name servers can be used for content management (reflected in the MNAME in the SOA). The authentication mechanisms used in this context are TSIG and SIG0 but the authorization is still a local policy, managed outside the protocol. For one popular implementation the authorization is done through configuration files.

It is completely local policy to which client this authority is granted.

So to answer the question:

> Isn’t a client registering some other node’s IP address as its own via RFC2136 an issue? RFC2136 does not seem to care about this “IP address ownership” issue. Was this ever considered?

Indeed, RFC2136 is completely ambivalent about the zone content and assumes that the authorization of who is allowed to update a certain zone is done "elsewhere".

Skimming the MIP6 draft I see a lot of parties involved; I have not read the drafts in enough detail to give sound input. Let me know if that is needed at this time.


--Olaf


-----------------------------------------------------------
Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/
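
The reply above places authorization of RFC2136 updates in local policy, outside the protocol. The following is an added example, not part of the original message and not taken from any name server: a policy check a primary master's operator could apply after TSIG/SIG(0) verification, so that an authenticated client cannot register an address leased to another node. The key names, host names, lease table and the `authorize` function are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Update:
    key_name: str  # identity already proven by TSIG/SIG(0) (verification assumed done)
    owner: str     # owner name of the record being added
    rrtype: str    # "A" or "AAAA"
    rdata: str     # address the client wants to publish

# Constructed local policy: which key may update which owner name.
NAME_GRANTS = {"mn1-key.": "mn1.example.net.", "mn2-key.": "mn2.example.net."}
# Constructed lease table, as the address-assignment system would hold it:
# address (canonical text form) -> key of the node the address is leased to.
LEASES = {"2001:db8::10": "mn1-key.", "192.0.2.20": "mn2-key."}

def authorize(update, grants=NAME_GRANTS, leases=LEASES):
    """Return (allowed, reason) for one address-record update."""
    key = update.key_name.lower()      # DNS names compare case-insensitively
    owner = update.owner.lower()
    if grants.get(key) != owner:
        return False, "key not granted this owner name"
    if update.rrtype not in ("A", "AAAA"):
        return False, "record type not covered by policy"
    try:
        addr = ipaddress.ip_address(update.rdata)
    except ValueError:
        return False, "rdata is not an IP address"
    if (addr.version == 6) != (update.rrtype == "AAAA"):
        return False, "address family does not match record type"
    # str(addr) is the canonical form, so textual variants of one address
    # cannot be used to slip past the lease lookup.
    if leases.get(str(addr)) != key:
        return False, "address not leased to this key"
    return True, "ok"

if __name__ == "__main__":
    for u in (Update("mn1-key.", "mn1.example.net.", "AAAA", "2001:db8::10"),
              Update("mn1-key.", "mn1.example.net.", "A", "192.0.2.20")):
        print(u, authorize(u))
```

The second update in the demo is correctly authenticated and targets the client's own name, yet is refused because the address belongs to another node's lease; that decision comes entirely from the local tables, not from RFC2136.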


