Professional Documents
Culture Documents
139 Ripe 61 RDNS Kzorba Freedman
139 Ripe 61 RDNS Kzorba Freedman
RIPE 61
November 2 1
November 2 1
RIPE 61
2 ! 22
November 2 1
RIPE 61
" ! 22
.ur allocations/
01162123 01152600 01172528 32220021 32202536 32242302 014$052$2$2601 014$065$2$2605 303$324$2$2606 63$028$2$2606 72$026$2$2604 78$384$2$2606 32242621 32262405 32252708 32272626 32022403 75$323$2$2604 74$53$2$2604 51$037$2$2604 14$64$2$2608 3$74$2$2604
Provide authoritative name service for around 329 domains )customers and our o-n+ in-addr$ar(a P"Rs automatically 'enerated by scri(ts for every # record Pre-(o(ulate home$otenet$'r and static$otenet$'r -ith records for our dynamic and static ran'es
November 2 1
RIPE 61
# ! 22
# sin'le customer can have a 646 or 647 assi'nment$ Pre(o(ulation of all (ossible addresses in a ;one is im(ossible$
,hen S<##= is used it is not (ossible to !no- the host address in advance
November 2 1
RIPE 61
$ ! 22
Do -e further need
kzorba@<machine> !"> ho#t kirk.otenet.gr kirk.otenet.gr ha# IP$6 a%%re## 2a02 580 200 100 kzorba@<machine> !"> ho#t 2a02 580 200 100 0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.8. 5.0.2.0.a.2.ip6.arpa %omain name pointer kirk.otenet.gr.
November 2 1 6 ! 22
RIPE 61
November 2 1
RIPE 61
% ! 22
November 2 1
RIPE 61
& ! 22
#((roaches discussed in the document are no res(onse& -ildcard match& various Dynamic DNS solutions& dele'ation and dynamically 'enerate P"R -hen ?ueried )on the fly+
November 2 1
RIPE 61
' ! 22
ISPs could 'enerate P"R records for addresses as they are re?uested$ "he P"R record is 'enerated on demand )from al'orithm+ and cache or (re-(o(ulate the for-ard )####+ entry for the ""< of the P"R$ #dditional (rocessin' load in 'eneral& DoS countermeasures should be de(loyed$ =ould be used in a DNSSE= environment -ith on-thefly si'natures$
November 2 1
RIPE 61
1 ! 22
November 2 1
RIPE 61
11 ! 22
November 2 1
RIPE 61
12 ! 22
PrefiD assi'ned 'iven a -ildcard& sin'le record for the customerAs 'ate-ay .R a set is 'enerated on the fly to cover the -hole (refiD
Removed after-ard -hen lease eD(ires )DB=P+ or user lo's6is lo''ed off )R#DI@S #=="-S".P+
Perha(s tie in authenticated u(dates from your customerAs dele'ated e?ui(ment> )nice to have+
No current im(lementations eDist for IPv6 P"R )sto( me if you !no- of one+
November 2 1
RIPE 61
1" ! 22
0$ = RF re?uests IPv6 <#N PrefiD via = "S to DB=PD$ 3$ DB=PD chec!s = DG and either issues static dele'ated (refiD or from a (refiD-(ool based on customer ty(e 8$ DB=PD informs N# ED via DynDNS of (refiD assi'nment as -ildcard& a sin'le address )'ate-ay+ or an entire set is 'enerated 4$ @ser as!s = RF for lease -hich is assi'ned from dele'ated (refiD 4$ = RF may then u(date N# ED directly for residential leases )by default it u(dates the DNS servers it -as issued via the DB=Pv6 offer+ 6$ once lease has eD(ired& records are removed& alternatively records can be timed out in sync -ith lease of dele'ated (refiD$
= DG
November 2 1
RIPE 61
1# ! 22
0$ Router ma!es PPP call to N#S6R#S& ne'otiates IPv6=P as N=P& N#S6R#S consults R#DI@S 3$ R#DI@S as!s = DG& 'ets transfer (refiD and dele'ated (refiD )if static+ else uses a (ool 8$ N#S6R#S issues %ramed-IPv6-PrefiD to Router )via R#+ and as!s for Static %ramed-Interface-ID of a !no-n value )to (revent router S<##=+& also issues Dele'ated-IPv6-PrefiD in res(onse to Router DB=Pv6 Re?uest$ 4$ R#DI@S #ccountin' record )#cct-Start+ then used to u(date N# ED& %ramed-IPv6-PrefiD )-ith static %ramed-Interface-IDs+ (o(ulated as t(o records in the reverse ;one )@ser E N#S6R#S+$ Dele'ated (refiD as before )-ildcard or eD(anded+
= DG
4$ Router -ill have to ma!e DynDNS u(dates to N# ED itself for its dele'ated (refiD leases 6$ Records removed on #cct-Sto( or timed out if need be
November 2 1
RIPE 61
1$ ! 22
Dele'ation #((roach
56RI7IN 8.b.%.0.1.0.0.2 1.0.0.0 IN N8 n#1..ooc&#tomer.net.
Iery sim(le& ma!e it the customerAs (roblem Not all customers have the s!illset and means to do this
November 2 1
RIPE 61
16 ! 22
,600 RR8I7 4N8:;< 5 2 ,600 201011,02,000, )201010,12,000, 2+161 <#nip> #'ain& for-ard and reverse do not match& if customer reall- has an a((lication that re?uires this& (unch more s(ecific hole as above ana'ement of such holes may be a ne- system to de(loy
November 2 1
RIPE 61
1% ! 22
..e.e.b.%.a.e.%...e.e.b.%.a.e.%.0.0.1.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
November 2 1
RIPE 61
1& ! 22
%or 0/stomer assi1nments6 - in case a customer is lar'e enou'h and has DNS eD(ertise& dele'ate his assi'nment to his nameservers alon' -ith any of his domains and 'et done -ith it
November 2 1
RIPE 61
1' ! 22
#n .(inion )cont$+
In the other cases )'eneral broadband users or cor(orate customers+ (re-(o(ulate i(6$ar(a -ith their assi'nments )646 or somethin'+ usin' -ildcard records$ It -ould be 'reat if the customer )only static>+ has some sort of -eb interface to create records under a s(ecified )for-ard+ subdomain for him e$'$
<c&#tomer>.<%omain=.or=c&#tomer#=here> "he customer could choose to lose the -ildcard record in i(6$ar(a and have P"Rs 'enerated based solely on his #### records$ Else& the #### records he creates create holes in the -ildcard match$
November 2 1
RIPE 61
2 ! 22
Cuestions>
November 2 1
RIPE 61
21 ! 22
References
http >>'''..a?#.org>r.c#>r.c1+12.htm(
http >>too(#.iet..org>htm(>%ra.t"ho'ar%"i#p"ip6r%n#"0*
http >>too(#.iet..org>htm(>%ra.t"iet."%n#op"re$er#e"mapping"con#i%eration#"06
November 2 1
RIPE 61
22 ! 22