Dynamic DNS update on Windows for IPv6 was: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA

Jeroen Massar jeroen at unfix.org
Sat Feb 14 04:14:10 PST 2004 

-----BEGIN PGP SIGNED MESSAGE-----

'Anand Kumria' [mailto:wildfire at progsoc.uts.edu.au] wrote:

> On Mon, Feb 09, 2004 at 03:18:10AM +0100, Jeroen Massar wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > Anand Kumria wrote:
> >
> > FYI: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
> > Using a little scripting I have also made a Windows version,
> > sporting IPv6 support thus everything is possible. 
> 
> If it isn't a problem, I'd actually be interested in seeing 
> the script.
> It is something I've been meaning to look at but haven't 
> found the time for us.

Just convert the unix stuff into NT stuff by adding some magick ;)
See http://unfix.org/~jeroen/archive/Windows_DynamicDNS_Update.zip

One will only need to covert the keys as mentioned above and
change the config of course* ;)

> > There should be a document, which probably needs to be created as
> > I haven't seen one yet, defining how to make this all work, nice job
> > for the IETF v6ops group. A nice scenario on what to delegate to end
> > users and how endusers can easily populate it.
> 
> Well most time when I speak to ISPs the people there only make use of
> reverse DNS for:
> 	a. network diagnostic
> 	b. address description
> 
> The most common complaint I hear is that they'd love a way to 
> identify a particular IP (or set thereof) as being 'webcaches' and not 
> DoS machines, etc.

webcache01.isp.example.net
webcache02.isp.example.net
webcache03.isp.example.net
webcache04.isp.example.net
webcache05.isp.example.net

People can lookup real contact information in whois.

> > Another solution would be to have synthesis in DNS. There is a
> > special ICMPv6 which can be used to query a host for it's hostname.
> > 
> > See draft-ietf-ipngwg-icmp-name-lookups-10.txt, though I don't know
> > the exact status, KAME stacks have it, from ping6 man on BSD:
> > 8<-----------
> >      -w      Generate ICMPv6 Node Information DNS Name query, rather than
> >              echo-request.  -s has no effect if -w is specified.
> > - ----------->8
> > 
> > Thus:
> > jeroen at bfib:~$ ping6 -v -w hog
> > PING6(72=40+8+24 bytes) 2001:7b8:3:1e:290:27ff:fe0c:5c5e --> 2001:7b8:3:17:203:47ff:fe3b:3138
> > 33 bytes from 2001:7b8:3:17:203:47ff:fe3b:3138: hog.ipng.nl. (TTL=0:meaningless)
> > 33 bytes from 2001:7b8:3:17:203:47ff:fe3b:3138: hog.ipng.nl. (TTL=0:meaningless)
> > <SNIP>
> 
> Interesting, I wonder how that interacts with link-local names ...

That is why it is still in draft status ;)
Anyways, it _always_ returns the 'hostname' as configured on
the machine itself, which doesn't need to be the same in the
forward zone, which will probably nicely point to it's global
ipv6 address.

> > The brave new world over here (Europe) works quite well, we simply
> > don't use 6bone that much anymore thus have been happily using
> > RIPE's ip6.int + ip6.arpa delegations. 
> 
> Of course, you are in Europe and have a reasonable RIR. Over here we
> have APNIC. Worse, in .au very few ISPs have been experimenting with
> IPv6. 

RIR's listen to their membership, thus call your vote at the meetings
and the mailinglists if you don't like them and don't forget one very
important thing: arguments. The above is as stupid as saying that
"Bush is dumb". Which Bush and above all why is he dumb?
<starts hiding from CIA/FBI/NSA/....> (which CIA/FBI/NSA :)

Personally, seeing the responses from APNIC staff on messages I
sent I would say that they where doing just a good a job as RIPE.

> Most of them have only begun recently, and the those that 
> aren't listed
> at <URL: http://www.sixxs.net/tools/grh/tla/all/?country=au> have an
> allocation within the Trumpet netblock (a few through me).

Then educate those ISP's... that is what we have been doing in .nl
all the time and that *without* a "IPv6 Task Force" aka European
Commission stuffed money. They are actually talking about making
a TF for Holland, though I wonder why, probably just some bureaucratic
way of getting rid of my tax money. Don't blame APNIC that the ISP's
in their region don't think of the future.

Btw if they need a hand, we don't run SixXS for nothing, it is not
only for Europe I might add...

> > ISP's doing the real thing
> > have already switched to RIR space a long time ago, usually after
> > having quite an extensive and happy testing time on the 6bone.
> 
> Since you can't get 6bone addresses any longer you are obliged to deal
> with your RIR (and few ISPs enjoy dealing with APNIC) or 
> someone with an existing delegation.

Of course you can still 'get', and use, for that matter, 6bone addresses,
though no pTLA's. Also APNIC has special 'experimentation' space if
you require that.

Either way, pay APNIC their rates and fill in the forms, compying to
them and they will be *glad* to give ISP's IPv6 space. ISP's do have
to do a bit of work for it though and actually use it naturally.

Greets,
 Jeroen

(Specially for the people who noted my consequent fault at writing 'of course':
* = see see I added a space in between 'of' and 'course' ;)

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / http://unfix.org/~jeroen

iQA+AwUBQC4RESmqKFIzPnwjEQIljACcDwy/V56vPkdaaTutDkAO3X60A38AmKnH
LW2hxSHCN9yIDHyo2OJltcY=
=+nDT
-----END PGP SIGNATURE-----

More information about the 6bone mailing list