DNS Update failing on AAAA
David W. Hankins
David_Hankins at isc.org
Wed Oct 18 21:32:07 UTC 2006

On Thu, Oct 19, 2006 at 10:14:50AM +1300, Eustace, Glen wrote:
> Whilst IPv4 and IPv6 may be transported over the same infrastructure
> they are distinct protocols. We have no solution for supporting dynamic
> IPv6 DHCP (not provided in ISC dhcpd - hint) so we are having to
> statically assign the addresses both in the DNS and on the client.

Ah, but the interim ddns update style is designed to interoperate
with IPv6 dynamic updates. It's expected to be run together.

> I believe that the test should be specific, if an 'A' exists and no
> DHCID - fail, if the DHCID matches - pass, if no 'A' and no DHCID -
> pass. The presence of the AAAA should have no impact on the client's use
> of IPv4.

I think there's room under the sun for an infinite variety of update
policies - and our present software only uses its own with little to
no adjustable parameters at that.

But the reason the check you've hit against is there is to keep
people from hijacking names. The "my name is www.example.com"
There's no difference in terms of hijackability if the addresses
cross protocol boundaries.

If the name is dynamically managed, it gets a DHCID. If it's
statically managed, and dynamic software needs to be 'HANDS OFF',
then there is no DHCID, and there can be any other record.
Whether it's an A or AAAA or DNAME or SRV or LOC or MX doesn't
enter into it.

If there's a bug here, it's that the prerequisite to remove the
DHCID on lease expiry only looks for IN.A. In truth, it should
look for IN.ANY, and only remove the DHCID once no records exist.

I'm waiting until we can adopt the RFC-defined DHCID (which does
not look like our TXT record anymore) to reimplement the update
policy, and add hooks to add others.

David W. Hankins                    "If you don't do it right the first time,
Software Engineer                    you'll just have to do it again."
Internet Systems Consortium, Inc.       -- Jack T. Hankins
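
Added example (not part of the original message and not ISC dhcpd code): a small Python model of the ownership check discussed in this thread, comparing the policy described in the reply with the A-only test proposed in the quoted text, plus the lease-expiry prerequisite. The function names, the dict representation of a name's records and the sample data are assumptions made for illustration.

```python
# Illustrative model only; hypothetical names, not ISC dhcpd code.
# A DNS name is a dict of record type -> set of values (constructed data).
# "DHCID" stands for the ownership marker (a TXT record in the interim style).

def _dhcid(records):
    return records.get("DHCID") or set()

def reply_policy_allows(records, client_dhcid):
    """Policy described in the reply: only the DHCID decides ownership."""
    if _dhcid(records):
        return client_dhcid in _dhcid(records)   # dynamic name: must match
    # No DHCID: any record at all (A, AAAA, MX, ...) means hands off.
    return not any(records.values())

def quoted_proposal_allows(records, client_dhcid):
    """Test proposed in the quoted text: AAAA has no impact."""
    if _dhcid(records):
        return client_dhcid in _dhcid(records)
    return not records.get("A")

def may_remove_dhcid(records, prereq="ANY"):
    """Lease-expiry prerequisite: "A" is the check the reply calls a bug,
    "ANY" (assumed here to mean: no record besides the DHCID) the suggested one."""
    others = [t for t, v in records.items() if t != "DHCID" and v]
    return "A" not in others if prereq == "A" else not others

# Constructed sample zone contents.
STATIC_V6 = {"AAAA": {"2001:db8::10"}}                        # statically managed
DYNAMIC = {"A": {"192.0.2.5"}, "DHCID": {"client-1"}}         # owned by client-1
EXPIRING = {"AAAA": {"2001:db8::20"}, "DHCID": {"client-1"}}  # A already deleted

if __name__ == "__main__":
    for label, recs in [("static AAAA", STATIC_V6), ("dynamic", DYNAMIC), ("unused", {})]:
        print(label, reply_policy_allows(recs, "client-2"),
              quoted_proposal_allows(recs, "client-2"))
    print("remove DHCID:", may_remove_dhcid(EXPIRING, "A"),
          may_remove_dhcid(EXPIRING, "ANY"))
```

On the statically managed AAAA-only name the two policies disagree: the A-only test lets a DHCP client attach an A record to it, while the DHCID-only check keeps dynamic software away from the name regardless of record type.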