On Tue, Jun 28, 2005 at 03:21:19PM -0400, Michael Richardson wrote: > >>>>> "Wouter" == Wouter Verhelst <wouter@debian.org> writes: > Wouter> Not that I know of. However, seen the fact that MAC > Wouter> addresses don't usually change, I'd say it's fair to assume > Wouter> your autoconfigured hosts won't, either -- unless you use > Wouter> the privacy extensions, which I personally don't. > > Wouter> I manage them as if they were configured statically. > > Let's say that I show up at your house with my laptop. Right. You pay the plane ticket, though ;-) > I turn it on, to a RS, and see your RA. I now have FOO:MYMAC as my IP. Right. > I want to update MYMAC.FOO.ip6.arpa. to PTR to marajade.dasblinkenled.org, Uh, well, that's all nice, but *I* don't want you to. You're still on my network -- at best, I'd allow you to update MAC.FOO.ip6.arpa. to something.guest.grep.be. Or do it for you. > and perhaps I want to insert an IPSECKEY RR too. I don't grok IPsec (yet); what is the purpose of such an RR? Not disturbed by any knowledge on the matter, I don't think you'd want to do that. I'd think you'd establish a trusted connection with your server at home, and use mobile IPv6 extensions to make traffic for marajade.dasblinkenled.org be forwarded to something.guest.grep.be. When properly configured and installed, those extensions should allow traffic to go directly to something.guest.grep.be rather than being directed through marajade.dasblinkenled.org, while still having marajade.dasblinkenled.org as the 'destination' address. This would appear to be much cleaner, IMAO. > (I already updated marajade.dasblinkenled.org IN AAAA to FOO:MYMAC. But, > I already have a trust relationship with the owner of > dasblinkenled.org..) > > That's the problem we are trying to solve. > In v4 land, the update is done by the DHCP server, which has a trust > relationship with the owner of the IP address range it is handing out. Right. But don't forget that v4 and v6 are not entirely similar under the transport layer. When it comes to assigning addresses, routing, and other similar things, IPv4 and IPv6 are wildly different. There is a DHCP specification for IPv6; but AIUI, that's only useful if you want to configure more than an IP address and a router on your client, or if you want stateful autoconfiguration for some reason. I don't think it's appropriate for stuff like what you're proposing -- but then, I could be missing something. -- The amount of time between slipping on the peel and landing on the pavement is precisely one bananosecond
Attachment:
signature.asc
Description: Digital signature