FW: IPv6 and Dynamic DNS



Terry Lambert wrote:

<text omitted>
In your opinion, what is the proper purpose of reverse
records, if one is not to look them up, or trust their
contents should one be so "foolish" as to look them up?

<text omitted>

What is the rationale for not allowing a machine, granted
a particular address, to set its reverse record?

<text omitted>

Cutler Replied:

In today's network, reverse records are generally created for the
convenience of the network provider. They are useful for simplifying log
analysis, especially for things like sendmail logs and traceroute. In well
controlled networks, reverse records are invaluable for diagnostics for
other application environments. There is nothing "foolish" about this.

Assuming any security implication of reverse resolution, though, would
generally be foolish.

A typical rationale for not allowing a machine to set its reverse record is
that it is the responsibility of DHCP to do so.  Another is that the network
provider may desire to label the addresses with permanent labels, regardless
of what mobile users may or may not happen to use them.  Again - this is for
the convenience of the network provider. 

Nothing an end user does (which requires a TCP/IP connection) should require
knowledge of either the assigned address or the reverse lookup of the
assigned address.

NOTE.  The position stated above is independent of IPv4 versus IPv6, or even
the address assignment method - it applies to static address assignments as
well.

Conclusion:

It is probably unwise to complicate Stateless Autoconfiguration in IPv6 with
any DNS issues. 

As I understand it, the Draft Standard implicitly assumes some prior
knowledge of destination addresses, or at least a nameserver address. Where
this is not viable, DHCP is always an option for host stack configuration.
The DHCP provider will then make the decision on how and whether to do any
DNS updates at all.