Re: Multiple PTR records

[Shane Kerr <shane@ripe.net>]

Mostly thinking "out loud" here...

On 2001-06-08 17:01:22 +0000, Robert Elz wrote:
> 
>   | OTOH, my understanding of the IPv6 world is, "yes IPv6 numbers are
>   | totally ridiculous, so use DNS for everything".  In such a world,
>   | reverse DNS seems to take on a huge importance.
> 
> You're confusing two issues.   One is the ability to translate numbers
> into names.   The other is "reverse DNS" (really DNS in the
> in-addr.arpa or ip6.int or ip6.arpa zone).
> 
> The latter is commonly used to implement the former, but it certainly
> isn't the only way.

Can you expand on this?  I can think of lots of ways to do this in
theory - some even implemented (e.g. NIS+) - but are any actually used
on the Internet?

> ps: as for managing the DNS for number->name for customers given a
> /48, then one of two things happens - either the customer has a large
> network, in which case they're either going to manage the DNS for
> themselves, or pay you large enough sums that you will be willing to
> do it for them, or they actually only have a very small real network,
> in which case the only real difference from what you do now with IPv4
> is that the names are longer, isn't it?    And of course, there's also
> Dynamic DNS if you want to use it - let the nodes update their own
> entries.

Right now we basically have the case where you have 1 or 3 IP addresses
as an end user, and have little (or no) control over your in-addr.arpa,
or you get a relatively large number of addresses and either manage your
own DNS or your ISP does it.  But I expect we will reach the case in
IPv6 where your typical /48 has maybe a dozen or so devices which come
and go pretty much at random - phones, televisions, computers, radios,
clocks, and so on.  This seems an "uncomfortable" price-point for
administration to me.  It's too many to ignore, but not enough to
justify mechanisms that aren't (nearly-)fully automated.

If accessing these devices is important (and why put them on the
Internet if not), then the fact that IPv6 addresses are extremely
unwieldy (they are) means that they should have names.  If the protocols
used by each device report its name(s), then that's fine, but doesn't it
seem redundant to have to add a "report client name" option to every
protocol rather than allow DNS to provide it?

I imagine for certain kinds of protocols (and all unicast
push-protocols) this information is necessary.  Shouldn't my IP
telephone be able to return your call for me by knowing the name of the
handset you just called from?  (Just an example, please don't strain too
hard to blast obvious holes in it.)

Yes, there is Dynamic DNS - it works pretty good.  I think in a context
of DNSSEC (for IP-based update controls) or TSIG then it might even
work.  Isn't the issue with DDNS on a large scale the problem of key
distribution for whatever security mechanism is proposed?  How do ISP's
get the keys to both their servers and customers in a reliable and secure
fashion?  How do the customers (and I mean everybody, not just IT
professionals) get these keys into not only their PC's, but also all
other connected devices?  How do you avoid "leakage" of these keys over
wireless networks and other unsecure media?  I'm not saying this is
impossible, merely non-trivial and I honestly don't know what's proposed
to handle the issue.

-- 
Shane