

To: Ralph Droms <rdroms@cisco.com>
CC: dnsop@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Thu, 06 Nov 2003 23:00:59 +0900
In-Reply-To: <4.3.2.7.2.20031105223539.04ea6928@flask.cisco.com>
Sender: owner-dnsop@cafax.se
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Subject: Re: How IPv6 host gets DNS address

Ralph;

> Your use of English was almost too subtle for me.

That has been my problem as a non-native user of English that
I'm glad to be able to be a source of the problem. :-)

However, in this case, it is merely a technical issue that I am
and you should be keen against the dumb word "stateless".

Stateless autoconfiguration has damaged protocols such as
MIPv6 to be useless.

> So, rather than assuming stateless address
> autoconfiguration and trying to solve the PTR record population problem, we
> should solve the PTR problem by picking the right address configuration
> process.

There is no stateless address autoconfiguration with PTR record
population problem. See below.

> I believe there are some sites who have come to the conclusion that DHCPv6
> address assignment is the right deployment model, exactly because it avoids
> the PTR record problem as well as giving network administrators reliable
> information about mappings between devices and IPv6 addresses.

With ND, neither routers nor hosts can register PTR of reverse domain.

But, I'm afraid you don't see the other half of the problem. Reverse
domain registration is meaningful if and only if forward domain is
properly registered. To let a host register its autoconfigured address
to the forward domain, the host must be configured with cryptographic
key information for dynamic update of the forward domain, which means
the host is stateful.

So-called "stateless autoconfiguration" is a mechanism imitating
features of poor IPX or Windows and is mostly useless except for
a small (single link) private IP network isolated from the Internet
that it should not have affected protocols designed primarily for
the Internet, such as IPv6 or MIPv6, so badly.

PS

I wrote DHCP, not necessarily DHCPv6 as is, as the latter is a
little too much bloated with a meaningless feature of authentication.
Misconfiguration occurs often on servers with proper authentication
key. Not giving out addresses does not prevent attackers from copying
assigned addresses of other hosts.
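
The forward/reverse dependency discussed in this message, as an added example that is not part of the original post: it derives autoconfigured (modified EUI-64) addresses and audits whether each has a PTR that is confirmed by a matching AAAA record. The prefix, MAC addresses, host names and zone contents are constructed sample data.

```python
import ipaddress

def slaac_address(prefix, mac):
    """Modified EUI-64 address for a /64 prefix and a 48-bit MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifier needs a /64 prefix")
    b = bytearray.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return net[int.from_bytes(iid, "big")]

def ptr_status(addr, ptr_zone, aaaa_zone):
    """Return 'no-ptr', 'ptr-unconfirmed' or 'confirmed' for one address."""
    name = ptr_zone.get(addr.reverse_pointer)  # nibble-reversed ip6.arpa name
    if name is None:
        return "no-ptr"
    forward = {ipaddress.IPv6Address(a) for a in aaaa_zone.get(name, [])}
    # A PTR only means something if the forward zone points back.
    return "confirmed" if addr in forward else "ptr-unconfirmed"

# Constructed sample data (documentation prefix, made-up MACs and names).
PREFIX = "2001:db8:1:2::/64"
HOSTS = {"a": "00:11:22:33:44:55",
         "b": "00:11:22:33:44:66",
         "c": "00:11:22:33:44:77"}
ADDRS = {h: slaac_address(PREFIX, m) for h, m in HOSTS.items()}

# Host a: PTR and AAAA both registered. Host b: PTR only. Host c: nothing.
PTR_ZONE = {ADDRS["a"].reverse_pointer: "a.example.net.",
            ADDRS["b"].reverse_pointer: "b.example.net."}
AAAA_ZONE = {"a.example.net.": [str(ADDRS["a"])]}

def audit():
    """Classify every sample host's autoconfigured address."""
    return {h: ptr_status(a, PTR_ZONE, AAAA_ZONE) for h, a in ADDRS.items()}

if __name__ == "__main__":
    for host, status in audit().items():
        print(host, ADDRS[host], status)
```
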

