Re: Is there agreement on ddns (or any such) with autoconfigured hosts?
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Wouter" == Wouter Verhelst <wouter@debian.org> writes:
>> I want to update MYMAC.FOO.ip6.arpa. to PTR to
>> marajade.dasblinkenled.org,
Wouter> Uh, well, that's all nice, but *I* don't want you to. You're
Wouter> still on my network -- at best, I'd allow you to update
Wouter> MAC.FOO.ip6.arpa. to something.guest.grep.be. Or do it for
Wouter> you.
right, thus the trust issue.
That's why a mechanism that let's me do it directly is broken.
Instead, we need to consult. It may be that you would happy doing:
MAC.FOO.ip6.arpa IN PTR marajade.guest.grep.be.
MAC.FOO.ip6.arpa IN PTR marajade.dasblinkenled.org.
>> and perhaps I want to insert an IPSECKEY RR too.
Wouter> I don't grok IPsec (yet); what is the purpose of such an RR?
read rfc4025 :-)
Wouter> Not disturbed by any knowledge on the matter, I don't think
Wouter> you'd want to do that. I'd think you'd establish a trusted
Wouter> connection with your server at home, and use mobile IPv6
Wouter> extensions to make traffic for marajade.dasblinkenled.org be
Wouter> forwarded to something.guest.grep.be. When properly
Wouter> configured and installed, those extensions should allow
Wouter> traffic to go directly to something.guest.grep.be rather
Wouter> than being directed through marajade.dasblinkenled.org,
Wouter> while still having marajade.dasblinkenled.org as the
Wouter> 'destination' address.
Nice theory, but until we have the IPSECKEY RR widely available, it
isn't like that any of the mobile extensions will be trustworthy.
>> That's the problem we are trying to solve. In v4 land, the
>> update is done by the DHCP server, which has a trust relationship
>> with the owner of the IP address range it is handing out.
Wouter> Right. But don't forget that v4 and v6 are not entirely
Wouter> similar under the transport layer. When it comes to
Wouter> assigning addresses, routing, and other similar things, IPv4
Wouter> and IPv6 are wildly different.
We'd like to think that, and I sincerely hope the IETF multi6 WG
eventually proposes significant changes, but there are not at this point
any difference to the transport layer between them.
- --
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] I'm a dad: http://www.sandelman.ca/lrmr/ [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQsLknYqHRg3pndX9AQHWBwQApAYYH31xj2OkCsah/Ke6nOT6QQB9ON3F
Gy5bVmDKsrOIaCYinQh12J6XWePTj9SEHbWdx8OCScNAamFzsqdxcyJJ9m7vXebl
mOVWOERMWbV9c+OlsmgPnIXW+OmhUsIGk1UKmkPnpZuELSoKXjls8SB4f+XEaheQ
QPFqLAGAVnY=
=etTP
-----END PGP SIGNATURE-----
Reply to: