Re: IPv6 and DNS

[Steven Bellovin <smb () cs columbia edu>]

On Jun 12, 2011, at 1:46 20PM, Jeff Kell wrote:

> On 6/12/2011 11:44 AM, Matthew Palmer wrote:
> > I don't believe we were talking about DHCPv6, we were talking about SLAAC.
> > And I *still* think it's a better idea for the client to be registering
> > itself in DNS; the host knows what domain(s) it should be part of, and hence
> > which names refer to itself and should be updated with it's new address.
>
> Register with "what/which" DNS?   If no DHCPv6 no DNS information has
> been acquired, so you're doing the magical anycast/multicast.
>
> Not a fan of self-registration, in IPv4 we have DHCP register the DDNS
> update; after all, it just handed out an address for a zone/domain that
> *it* knows for certain. 
>
> The host "knows what domains it should be part of" ??  Perhaps a server
> or a fixed desktop, but otherwise (unless you're a big fan of
> ActiveDirectory anywhere) the domain is relative to the environment you
> just inherited. 
>
> Letting any host register itself in my domain from any address/location
> is scary as heck :) 
Not any host -- hosts you authorize to register in your zone, and give
the proper authentication credentials.  I want my hosts to register in 
my domain, even if they're getting credentials from a random hotel or
hotspot DHCP server.

There are two different models here.  A DHCP server should have the sole
right to register in its affiliated DNS servers (including especially the
inverse map).  A host should have the right -- not necessarily the sole
right -- to register in a forward tree.


                --Steve Bellovin, https://www.cs.columbia.edu/~smb