[6bone] Re: reverse 6dns painful

Michael Kjorling michael at kjorling.com
Mon Feb 16 02:27:49 PST 2004



On Feb 16 2004, paul at clubi.ie wrote:

> > updating every single DNS server out there,
>
> Has to be done anyway for AAAA surely?

Only on the two ends of the DNS server chain, because the intermediate (at
the ISPs, for example) resolvers have no reason to care what RRtype you are
asking for: all they need to do is to pass the query on, and then pass the
response back when they receive it, or respond to the query with delegation
information for the zone. You'd need to update your resolver to even know how
to ask for AAAA records, and the administrator of the remote DNS server would
need to update it to be able to insert them into the zone. Exactly the same
goes for bitstring labels, so no difference there.

On the other hand, when implementing bitstring labels you change the basic
query format, which means that DNS servers and resolvers which do not
understand a bitstring label are going to return the query as malformed,
resulting in a SERVFAIL response to the client's query. That is regardless of
where in the chain this non-bitlabel-compatible name server is: close to the
top of the delegation chain, or near the site that hosts the reverse zone for
the address in question.


> Allows bit-granular delegation, without requiring (potentially)
> tonnes of additional indirection records.

Hmmmm... nibble-based delegation covers for a four-bit slice of the address
spectrum per label. The worst possible scenario where bitlabels could help
would be that you are allocating half of that (say, a /45, which is the
equivalent of eight [2^{48-45}] /48s) to one client, and the remaining /48s
to other clients. Unless I am mistaken, that would necessitate setting up 16
delegations for nine clients. Bitlabels would at most cut this to nine -
seven fewer delegations for what is probably a quite unusual case.

Front-end scripts can do the dirty work easily (or BIND's $GENERATE directive
can also help a little), and frankly, how common are such odd-bit delegations
in the real world? To me at least, it seems as though breaking IPv6 reverse
DNS for those who happen to have an ISP who has not yet updated their
recursive DNS servers to support a new query format, or queries any server
which hasn't in the process of resolving the address, is a poor compromise.

Just my 2/100 of a currency unit of your choice.

- -- 
Michael Kjörling - michael at kjorling.com - SM0YBY QTH JO89XI  ^..^
OpenPGP: 3723 9372 c245 d6a8 18a6  36ac 758f 8749 bde9 ada6   \/


