From chuck+6bone at snew.com Thu Feb 5 15:34:41 2004
From: chuck+6bone at snew.com (Chuck Yerkes)
Date: Sat Feb 7 18:14:26 2004
Subject: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <5.2.0.9.0.20040120203836.00b9c310@mail.addr.com>
References: <20040120220645.GA2401@ping.be> <5.2.0.9.0.20040120203836.00b9c310@mail.addr.com>
Message-ID: <20040205233441.GA17858@snew.com>

Quoting Bob Fink (bob@thefinks.com):
> >Kurt Roeckx wrote:
> >> FYI.
> >Indeed just saw it on the ID mailer too.
> >Now let's see when it gets implemented.
> >Who votes for 6/6/2006 ? :)
> >
> >On a better topic, I hope this gets there real quick
> >because then we can simply turn off ip6.int and *FORCE*
> >application vendors to do ip6.arpa support in their code.
...
> Marc Blanchet is readying the servers as we speak to make this happen.

I say we rise up and rebel. I used arpa net. 20+ years
ago. I'd dance to see the arpa TLD die. INT is a fine place
to end 6 addresses in.

Then we can mock slow 6 adopters and say:
  See? "INT"! It's for INTernet. You're on arpa-net technology

DNAME frightens me as too easy a way to subvert large parts
of a network. Thanks, I'll watch from over here.

And I like 6/6/6 as a major ipv6 implementation date :)

From gert at space.net Sun Feb 8 10:06:42 2004
From: gert at space.net (Gert Doering)
Date: Sun Feb 8 10:06:50 2004
Subject: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <20040205233441.GA17858@snew.com>
References: <20040120220645.GA2401@ping.be> <5.2.0.9.0.20040120203836.00b9c310@mail.addr.com> <20040205233441.GA17858@snew.com>
Message-ID: <20040208180642.GU8040@Space.Net>

hi,

On Thu, Feb 05, 2004 at 06:34:41PM -0500, Chuck Yerkes wrote:
> > >On a better topic, I hope this gets there real quick
> > >because then we can simply turn off ip6.int and *FORCE*
> > >application vendors to do ip6.arpa support in their code.
>
> I say we rise up and rebel. I used arpa net. 20+ years
> ago.
> I'd dance to see the arpa TLD die. INT is a fine place
> to end 6 addresses in.

While I understand your sentiments, I don't think this would be overly
helpful. This stupid ip6.int/ip6.arpa power play has been going on for
way too long, and we really should take the pragmatic way and just
accept what is written in the RFC now (ip6.arpa), even if we don't like
it.

Reopening that can of worms will just delay useful reverse DNS deployment
even further.

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations: 58081 (57882)

SpaceNet AG                 Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14   Tel : +49-89-32356-0
80807 Muenchen              Fax : +49-89-32356-299

From wildfire at progsoc.uts.edu.au Sun Feb 8 17:35:52 2004
From: wildfire at progsoc.uts.edu.au (Anand Kumria)
Date: Sun Feb 8 17:36:19 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <20040208180642.GU8040@Space.Net>
References: <20040120220645.GA2401@ping.be> <5.2.0.9.0.20040120203836.00b9c310@mail.addr.com> <20040205233441.GA17858@snew.com> <20040208180642.GU8040@Space.Net>
Message-ID: <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au>

Hi Gert,

On Sun, Feb 08, 2004 at 07:06:42PM +0100, Gert Doering wrote:
> hi,
>
> On Thu, Feb 05, 2004 at 06:34:41PM -0500, Chuck Yerkes wrote:
> > > >On a better topic, I hope this gets there real quick
> > > >because then we can simply turn off ip6.int and *FORCE*
> > > >application vendors to do ip6.arpa support in their code.
> >
> > I say we rise up and rebel. I used arpa net. 20+ years
> > ago. I'd dance to see the arpa TLD die. INT is a fine place
> > to end 6 addresses in.
>
> While I understand your sentiments, I don't think this would be overly
> helpful. This stupid ip6.int/ip6.arpa power play has been going on for
> way too long, and we really should take the pragmatic way and just
> accept what is written in the RFC now (ip6.arpa), even if we don't like
> it.
Fair enough -- how another then (-;

> Reopening that can of worms will just delay useful reverse DNS deployment
> even further.

What useful reverse DNS deployment? Can you usefully assign reverse for
systems using the privacy extensions? Look at IPv4 to see how hard it is
for people to manage < 2^8 in address for reverse, do you really expect
people with 2^64 (or more) addresses to cope?

I think the power play has actually been really beneficial -- a lot more
ISPs have realised that reverse DNS is fundamentally pointless, even
more so in the Brave New World of IPv6.

The other cool thing about the power play has been highlighting the clique
involved. Previously it was all somewhat behind the scenes -- at least
this (terminably long) event has brought most of those involved out into
the open.

Anand

-- 
`` We are shaped by our thoughts, we become what we think. When the mind
is pure, joy follows like a shadow that never leaves. '' -- Buddha, The Dhammapada

From jeroen at unfix.org Sun Feb 8 18:18:10 2004
From: jeroen at unfix.org (Jeroen Massar)
Date: Sun Feb 8 18:20:14 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au>
Message-ID: <010501c3eeb2$f74501b0$210d640a@unfix.org>

Anand Kumria wrote:

> On Sun, Feb 08, 2004 at 07:06:42PM +0100, Gert Doering wrote:
> > Reopening that can of worms will just delay useful reverse DNS deployment
> > even further.
>
> What useful reverse DNS deployment? Can you usefully assign
> reverse for systems using the privacy extensions?

Those addresses are not meant to be reversed and are meant for
a short life anyways. Programs doing SSH for instance should
request the 'static' address of a host when connecting.
Personally I turn the option off on every box I visit.
For linux kernels one has the option of not even compiling it
in and it is off per default fortunately ;) The privacy
extensions were meant for workstations and similar setups
anyways, these don't need reverses. Server boxes and routers
do though, or are you changing the address of your webserver
every 10 minutes ? :)

> Look at IPv4 to see how hard it is
> for people to manage < 2^8 in address for reverse, do you really expect
> people with 2^64 (or more) addresses to cope?

Why not, never heard of DHCPv6, DDNS and automated registration/scripting ?
If you or your ISP can't then too bad ;)

FYI: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
Using a little scripting I have also made a Windows version, sporting IPv6
support thus everything is possible. Windows.Net is probably already doing
it from install btw, though I am not sure as I don't have anything 'newer'
as XP. Maybe SP2?

I know for sure that the IPv6 reverse tree is much better populated
and usefully (no automatically generated reverses) populated than
the counterpart IPv4 tree. Main reason: dnsspamming irc kiddo's.
Next to that the people that do IPv6 want it to succeed and thus also
put those things neatly into the reverse and forward DNS.
Btw, I know from experience a nice reverse DNS tree setup which has
more entries (non-spammed btw) than most hosting ISP's serve DNS for
websites :) Eat 18mb of ascii dns zones

There should be a document, which probably needs to be created as
I haven't seen one yet, defining how to make this all work, nice job
for the IETF v6ops group. A nice scenario on what to delegate to end
users and how endusers can easily populate it.

Another solution would be to have synthesis in DNS.
There is a special ICMPv6 which can be used to query a host for its hostname.
See draft-ietf-ipngwg-icmp-name-lookups-10.txt, though I don't know
the exact status, KAME stacks have it, from ping6 man on BSD:
8<-----------
     -w      Generate ICMPv6 Node Information DNS Name query, rather than
             echo-request. -s has no effect if -w is specified.
----------->8

Thus:
jeroen@bfib:~$ ping6 -v -w hog
PING6(72=40+8+24 bytes) 2001:7b8:3:1e:290:27ff:fe0c:5c5e --> 2001:7b8:3:17:203:47ff:fe3b:3138
33 bytes from 2001:7b8:3:17:203:47ff:fe3b:3138: hog.ipng.nl. (TTL=0:meaningless)
33 bytes from 2001:7b8:3:17:203:47ff:fe3b:3138: hog.ipng.nl. (TTL=0:meaningless)

One could let a DNS, which hasn't got a reverse tree for a certain
host do the ICMPv6 trick and return the answer. Tada, even your
privacy addressed hosts could do this but that would totally defeat
the purpose of the 'privacy' which I still find laughable as one
can usually say that not more than 1000 people will be residing in
the same /64 or even /48 thus people coming from that prefix will
be the same one especially if they are visiting the same set of websites.

But this all is work for the IETF and the ISP's of course ;)

> I think the power play has actually been really beneficial --
> a lot more ISPs have realised that reverse DNS is fundamentally pointless, even
> more so in the Brave New World of IPv6.

The brave new world over here (Europe) works quite well, we
simply don't use 6bone that much anymore thus have been happily
using RIPE's ip6.int + ip6.arpa delegations. ISP's doing the
real thing have already switched to RIR space a long time ago,
usually after having quite an extensive and happy testing time
on the 6bone.

Next to that I wonder what you call 'a lot more ISPs' seeing that,
compared to RIR space, not so many are involved at all. Also
seeing the 6bone list quite quiet tells some things, one of them
being that most really can't care less and have more important
things on their minds than playing the power game.
> The other cool thing about the power play has been highlighting the clique
> involved. Previously it was all somewhat behind the scenes -- at least
> this (terminably long) event has brought most of those
> involved out into the open.

It was never behind the scenes, it was always quite clear what
was happening except for the fact that some people didn't realize it.
It is the same like watching a soap show with someone who is following
it totally, they know what is happening but for a onetime viewer
it is yet another single episode.

Greets,
 Jeroen

From perry at piermont.com Sun Feb 8 18:56:08 2004
From: perry at piermont.com (Perry E. Metzger)
Date: Sun Feb 8 18:56:25 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au> (Anand Kumria's message of "Mon, 9 Feb 2004 12:35:52 +1100")
References: <20040120220645.GA2401@ping.be> <5.2.0.9.0.20040120203836.00b9c310@mail.addr.com> <20040205233441.GA17858@snew.com> <20040208180642.GU8040@Space.Net> <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au>
Message-ID: <87r7x5dkqf.fsf@snark.piermont.com>

Anand Kumria writes:
> What useful reverse DNS deployment? Can you usefully assign reverse for
> systems using the privacy extensions?

Yes, if only to give you a general idea of the organization that the
addresses come from.

> Look at IPv4 to see how hard it is for people to manage < 2^8 in
> address for reverse,

It is trivial to manage them -- just generate your forwards and
reverses from a database. I had assumed most people understood that
managing multiple files with interrelated data was best done by
automated, rather than manual, means.
> do you really expect people with 2^64 (or more) addresses to cope?

Yes. Among other things, BIND lets you simply generate names
automatically if you want, and you can also use dynamic update...

-- 
Perry E. Metzger                perry@piermont.com

From mjl at luckie.org.nz Sun Feb 8 21:49:12 2004
From: mjl at luckie.org.nz (Matthew Luckie)
Date: Sun Feb 8 21:49:30 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <010501c3eeb2$f74501b0$210d640a@unfix.org>
References: <010501c3eeb2$f74501b0$210d640a@unfix.org>
Message-ID: <40271F58.5040102@luckie.org.nz>

> I know for sure that the IPv6 reverse tree is much better populated
> and usefully (no automatically generated reverses) populated than
> the counterpart IPv4 tree. Main reason: dnsspamming irc kiddo's.
> Next to that the people that do IPv6 want it to succeed and thus also
> put those things neatly into the reverse and forward DNS.
> Btw, I know from experience a nice reverse DNS tree setup which has
> more entries (non-spammed btw) than most hosting ISP's serve DNS for
> websites :) Eat 18mb of ascii dns zones

just a small amount of stats from someone who is not big on stats:

i did a DNS walk of ip6.int about 9 months ago.

of the ~31k addresses i got, 21k were automatically generated (2x 10k,
1x 1k). i saw a fair amount of DNS spamming, but it did not feel like
IRC lamers had taken over the DNS. From memory there was some kind of
free DNS service behind a fair amount of the spam.

of the ~10k left, 2445 survived a sanity check (taking the name returned
in the PTR and resolving for the IPv6 address returned as part of the walk).

of those 2445, i got a response rate of about 70% +/- 3% with
traceroute, depending on where the tests were run from. the majority of
failures of communicating with an address were loops, followed by dead
paths (hosts/networks that said nothing).
only a very small proportion of
addresses that were not actually reachable had a router send an ICMP
response saying so.

http://voodoo.cs.waikato.ac.nz/~mjl12/ipv6-scamper/

From jeroen at unfix.org Mon Feb 9 04:40:03 2004
From: jeroen at unfix.org (Jeroen Massar)
Date: Mon Feb 9 04:40:56 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <40271F58.5040102@luckie.org.nz>
Message-ID: <007d01c3ef09$d7d88020$210d640a@unfix.org>

Matthew Luckie wrote:

> just a small amount of stats from someone who is not big on stats:
>
> i did a DNS walk of ip6.int about 9 months ago.

The trick here is that you should take a look at ip6.arpa.
ip6.int has been deprecated for over 2 years ago...
Please check ip6.arpa and test RIR space, not 6bone space as
can be seen yet again, ip6.arpa for 6bone will take quite some
time and even more time to get deployed under the many slumbering
and neglected pTLA's floating around.

> of the ~31k addresses i got, 21k were automatically generated
> (2x 10k, 1x 1k). i saw a fair amount of DNS spamming, but it did not
> feel like IRC lamers had taken over the DNS. From memory there was
> some kind of free DNS service behind a fair amount of the spam.

It is indeed always in the same prefix, some operators don't use it
at all and some like to use it on every single IP they can put their
hands on.

Do you have some more detailed output of these results. Also did
you mean you autogenerated 21k addresses or that you found 21k
autogenerated reverses?

> of the ~10k left, 2445 survived a sanity check (taking the
> name returned in the PTR and resolving for the IPv6 address returned as
> part of the walk).
That's the 6bone indeed, sometimes in traceroutes some odd routes
pop up and some times even the domainname to which the reverse
points to has been expired for 2 years already :)

> of those 2445, i got a response rate of about 70% +/- 3% with
> traceroute, depending on where the tests were run from. the
> majority of failures of communicating with an address were loops,
> followed by dead paths (hosts/networks that said nothing). only a very small
> proportion of addresses that were not actually reachable had a router
> send an ICMP response saying so.
>
> http://voodoo.cs.waikato.ac.nz/~mjl12/ipv6-scamper/

I guess you did the same thing as what Lorenzo Colitti did for
his tunnel discovery, you thought that the 6bone registry is
a working and up-to-date source. Well two things about that.
There is more to the IPv6 internet than the 6bone, secondly,
the 6bone registry is one of the biggest messes of them all.

I also read that you used the 6bone db of February 2003 while
doing the tests almost 4 and 6 months later, better use a more
up-to-date version next time as some people do actually update it.

"google IPv6: addresses collected by taking the first 1000
 unique sites returned in a google search for "IPv6" and
 resolving them for IPv6 addresses "

Most sites in google don't have IPv6, as your report also notices
of the 1000 you took, only 123 has IPv6... though that is still
12.3% of the hosts, which actually is quite a lot.

Also see http://www.prik.net/list.html for a big list of IPv6
capable hosts. Maybe run scamper against that list ?
I can do it from my vantage point if you would like to.

Checking slide 9 of Lorenzo's presentation, to be found at:
http://www.ripe.net/ripe/meetings/ripe-47/presentations/ripe47-ipv6-tunnel-disco.pdf
shows that of over the 4000 tunnels 'registered' in the 6bone
registry about 43% are nonexistent and another 32% are down or
filtered, let's assume those simply don't work as filtering
simply is not something that most people do.
Thus of the 4000 tunnels in the registry 43+32 = 75% is broken,
only 1000 left...

One can read from this that the 6bone is going away, which is
a good thing as people move to RIR space and more production
environments, the only problem there though is that people
don't take the responsibility to clean the registries.

PS: as for the /127 question at the bottom of your page,
there are many ISP's using /127's, IPng.nl has over 500 from
them to endusers. It only hurts on OS's that are anycast aware
and when the tunnel gets configured as a /127, using 2x /128
does work. I am also aware of setups that use /64 per link
but only route 2x the /128, that is one /128 to the local host
and, one /128 to the remote endpoint pointing across the tunnel.

Greets,
 Jeroen

From tjc at ecs.soton.ac.uk Mon Feb 9 05:20:02 2004
From: tjc at ecs.soton.ac.uk (Tim Chown)
Date: Mon Feb 9 05:20:26 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <010501c3eeb2$f74501b0$210d640a@unfix.org>
References: <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au> <010501c3eeb2$f74501b0$210d640a@unfix.org>
Message-ID: <20040209132002.GT16789@login.ecs.soton.ac.uk>

On Mon, Feb 09, 2004 at 03:18:10AM +0100, Jeroen Massar wrote:
>
> Those addresses are not meant to be reversed and are meant for
> a short life anyways. Programs doing SSH for instance should
> request the 'static' address of a host when connecting.
> Personally I turn the option off on every box I visit.
> For linux kernels one has the option of not even compiling it
> in and it is off per default fortunately ;) The privacy
> extensions were meant for workstations and similar setups
> anyways, these don't need reverses.
> Server boxes and routers
> do though, or are you changing the address of your webserver
> every 10 minutes ? :)

Reverse DNS is commonly - whether rightly or wrongly - used by mail
servers before accepting email from a client. Unless you VPN back to
your home network, or use ssh to a Linux box for a mail client, you'll
want to use some local mail server. Turning off rfc3041 might not be
possible.

> There should be a document, which probably needs to be created as
> I haven't seen one yet, defining how to make this all work, nice job
> for the IETF v6ops group. A nice scenario on what to delegate to end
> users and how endusers can easily populate it.

There is a draft by Alain Durand I recall, at least on the issue of
reverse DNS and synthesis. I think that one expired but some of the
issues are in
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-ipv6-dns-issues-04.txt
under section 7.

Tim

From perry at piermont.com Mon Feb 9 06:37:00 2004
From: perry at piermont.com (Perry E. Metzger)
Date: Mon Feb 9 06:37:07 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <20040209132002.GT16789@login.ecs.soton.ac.uk> (Tim Chown's message of "Mon, 9 Feb 2004 13:20:02 +0000")
References: <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au> <010501c3eeb2$f74501b0$210d640a@unfix.org> <20040209132002.GT16789@login.ecs.soton.ac.uk>
Message-ID: <87d68otj3n.fsf@snark.piermont.com>

Tim Chown writes:
> Reverse DNS is commonly - whether rightly or wrongly - used by mail
> servers before accepting email from a client.

It is used for all sorts of purposes, and not having it work would be
a major pain in the neck.
Perry

From mjl at luckie.org.nz Mon Feb 9 12:54:45 2004
From: mjl at luckie.org.nz (Matthew Luckie)
Date: Mon Feb 9 12:55:44 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <007d01c3ef09$d7d88020$210d640a@unfix.org>
References: <007d01c3ef09$d7d88020$210d640a@unfix.org>
Message-ID: <4027F395.2090603@luckie.org.nz>

>>i did a DNS walk of ip6.int about 9 months ago.
>
> The trick here is that you should take a look at ip6.arpa.
> ip6.int has been deprecated for over 2 years ago...
> Please check ip6.arpa and test RIR space, not 6bone space as
> can be seen yet again, ip6.arpa for 6bone will take quite some
> time and even more time to get deployed under the many slumbering
> and neglected pTLA's floating around.

yeah, I know about that. I was going to do the same experiment on
ip6.arpa. In theory the DNS for ip6.int was smaller than for ip6.arpa,
so it was useful to run my code on ip6.int first. I was/am really
worried about finding large numbers of autogenerated reverses, and
wanted to get some indication as to what I was likely to hit on ip6.arpa.

>>of the ~31k addresses i got, 21k were automatically generated
>>(2x 10k, 1x 1k). i saw a fair amount of DNS spamming, but it did not
>>feel like IRC lamers had taken over the DNS. From memory there was
>>some kind of free DNS service behind a fair amount of the spam.

> Do you have some more detailed output of these results. Also did
> you mean you autogenerated 21k addresses or that you found 21k
> autogenerated reverses?

I found 21k autogenerated reverses. I can have a look at the data and
report on other stats if you would like to suggest things to report on.
I noticed a fair number of invalid addresses returned (as in addresses
that are one byte too long or too short). Perhaps I should look into that.

Answering your question, I don't have a more detailed output of the DNS
quirks I saw.

From jeroen at unfix.org Mon Feb 9 15:24:49 2004
From: jeroen at unfix.org (Jeroen Massar)
Date: Mon Feb 9 15:25:22 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <4027F395.2090603@luckie.org.nz>
Message-ID: <017501c3ef63$e9c24690$210d640a@unfix.org>

Matthew Luckie [mailto:mjl@luckie.org.nz] wrote:

> >>i did a DNS walk of ip6.int about 9 months ago.
> >
> > The trick here is that you should take a look at ip6.arpa.
> > ip6.int has been deprecated for over 2 years ago...
> > Please check ip6.arpa and test RIR space, not 6bone space as
> > can be seen yet again, ip6.arpa for 6bone will take quite some
> > time and even more time to get deployed under the many slumbering
> > and neglected pTLA's floating around.
>
> yeah, I know about that. I was going to do the same experiment on
> ip6.arpa. In theory the DNS for ip6.int was smaller than for
> ip6.arpa, so it was useful to run my code on ip6.int first. I was/am really
> worried about finding large numbers of autogenerated reverses, and
> wanted to get some indication as to what I was likely to hit
> on ip6.arpa.

> >>of the ~31k addresses i got, 21k were automatically generated
> >>(2x 10k, 1x 1k). i saw a fair amount of DNS spamming, but it did not
> >>feel like IRC lamers had taken over the DNS. From memory there was
> >>some kind of free DNS service behind a fair amount of the spam.

I now realize, after rereading the doc again, why you didn't come
across those dnsspammy addresses, this as you are tracerouting to
only 867+144+2445+123+11+486+153 = 4229 addresses, though these
might be spread apart, these are not the enduser IP addresses
which are mostly aliases on the same machine, thus the 'primary'
IP of those boxes might quite well be a clean address.
Using the traceroute way you only 'hit' backbone IP's, which
is actually a good thing as these are the IP's that should have
working forward and reverse DNS's as these are really useful.

You could axfr 0.0.0.2.4.1.1.8.e.f.f.3.ip6.int btw, which
is the 3ffe:8114:2000::/48 prefix from which IPng.nl endusers get
their subnet space, it currently contains:
$ cat 0.0.0.2.4.1.1.8.e.f.f.3.ip6.int |grep Serial |wc -l
155
suballocations, which are gathered into this single zonefile
four times a day by a fancy dig script, and:
$ cat 0.0.0.2.4.1.1.8.e.f.f.3.ip6.int |grep PTR |wc -l
1136
ptr records, thus 1136/155 = 7.32 hosts on average per /60 allocation.

Note that these are endusers, the infrastructure between the
big internet and them have autogenerated reverses, which resides
in the 3ffe:8114:1000::/48 (thus 0.0.0.1.4.1.1.8.e.f.f.3.ip6.arpa)
Which contains 5000 tunnels, 2 endpoints (POP and remote side)
thus 10000 PTR records (and no we didn't want to type those in
manually ;)

As your document heads "The focus of the current research is
in providing insight into the behaviour and growth patterns of
the IPv6 Internet." I wonder how you want to achieve this as
you would require a very large set of endnode addresses and
even then you will mostly be mapping the backbone, thus routers,
and not the endsites where the host reside. Randomly picking
IP's to test is not a real option with 128bits addresses to
pick from :)

> > Do you have some more detailed output of these results. Also did
> > you mean you autogenerated 21k addresses or that you found 21k
> > autogenerated reverses?
>
> I found 21k autogenerated reverses. I can have a look at the
> data and report on other stats if you would like to suggest
> things to report on.
Were these addresses autogenerated in the:
2001:db8::1 -> PTR node-1..reverse.example.net
or better example'd using IPv4:
192.0.2.1 -> 1.2.0.192.in-addr.arpa PTR node-1-2.reverse.example.net

> I noticed a fair number of invalid addresses returned (as
> in addresses that are one byte too long or too short).

That would be an interesting item to report imho.

Greets,
 Jeroen

From mjl at luckie.org.nz Mon Feb 9 15:40:13 2004
From: mjl at luckie.org.nz (Matthew Luckie)
Date: Mon Feb 9 15:40:53 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <40271F58.5040102@luckie.org.nz>
References: <010501c3eeb2$f74501b0$210d640a@unfix.org> <40271F58.5040102@luckie.org.nz>
Message-ID: <40281A5D.1080704@luckie.org.nz>

Matthew Luckie wrote:
> i did a DNS walk of ip6.int about 9 months ago.

i've just gone looking at the data and I in fact walked ip6.arpa
so the stats that i presented are for ip6.arpa and not ip6.int as I
first said.

sorry for being so dense.

From chuck+6bone at snew.com Thu Feb 12 10:10:51 2004
From: chuck+6bone at snew.com (Chuck Yerkes)
Date: Thu Feb 12 10:11:29 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNS considered pointless)
In-Reply-To: <87r7x5dkqf.fsf@snark.piermont.com>
References: <20040120220645.GA2401@ping.be> <5.2.0.9.0.20040120203836.00b9c310@mail.addr.com> <20040205233441.GA17858@snew.com> <20040208180642.GU8040@Space.Net> <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au> <87r7x5dkqf.fsf@snark.piermont.com>
Message-ID: <20040212181051.GA14023@snew.com>

Quoting Perry E. Metzger (perry@piermont.com):
>
> Anand Kumria writes:
> > What useful reverse DNS deployment?
> > Can you usefully assign reverse for
> > systems using the privacy extensions?
>
> Yes, if only to give you a general idea of the organization that the
> addresses come from.
>
> > Look at IPv4 to see how hard it is for people to manage < 2^8 in
> > address for reverse,
>
> It is trivial to manage them -- just generate your forwards and
> reverses from a database. I had assumed most people understood that
> managing multiple files with interrelated data was best done by
> automated, rather than manual, means.

I gotta say, though, that it would be nice if BIND let you describe
a zone file is "this is a reverse for BLAH" and let you put the
address in FORWARD as we are used to seeing it:
9ffe:666::22

and let the damn parser turn that into what named wants to see.
I've made enough typos doing reverse by hand and don't understand
why I'm doing it. (ok, now a perl script does it, but there's no
reason for me to even store it like that in a file).

From jeroen at unfix.org Thu Feb 12 11:39:31 2004
From: jeroen at unfix.org (Jeroen Massar)
Date: Thu Feb 12 11:41:32 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNS consideredpointless)
In-Reply-To: <20040212181051.GA14023@snew.com>
Message-ID: <00fe01c3f19f$eff6f860$210d640a@unfix.org>

Chuck Yerkes wrote:

> I gotta say, though, that it would be nice if BIND let you describe
> a zone file is "this is a reverse for BLAH" and let you put the
> address in FORWARD as we are used to seeing it:
> 9ffe:666::22
>
> and let the damn parser turn that into what named wants to see.
> I've made enough typos doing reverse by hand and don't understand
> why I'm doing it. (ok, now a perl script does it, but there's no
> reason for me to even store it like that in a file).

djbdns and PowerDNS (afaik) both do this already.

This is a tool option, not a protocol thing.
Next to that you might always be better off storing
your hosts in a database and generating everything
from that.
PS: 2001:db8::/32 is a documentation prefix, which
is also very handy in examples ;)

Greets,
 Jeroen

From cfaber at fpsn.net Thu Feb 12 16:54:48 2004
From: cfaber at fpsn.net (Colin Faber)
Date: Thu Feb 12 16:54:25 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNS consideredpointless)
In-Reply-To: <00fe01c3f19f$eff6f860$210d640a@unfix.org>
References: <00fe01c3f19f$eff6f860$210d640a@unfix.org>
Message-ID: <402C2058.4050504@fpsn.net>

Jeroen Massar wrote:

>Chuck Yerkes wrote:
>
>>I gotta say, though, that it would be nice if BIND let you describe
>>a zone file is "this is a reverse for BLAH" and let you put the
>>address in FORWARD as we are used to seeing it:
>>9ffe:666::22
>>
This would be impractical as it would break the domain name format,
[A-Za-z0-9.-]

>>and let the damn parser turn that into what named wants to see.
>>
Reversing IPv6 in software is not that hard, Why couldn't it go the
other way? Have the parser take the officially blessed format and turn
it into your non-standard colon variation.

>>I've made enough typos doing reverse by hand and don't understand
>>why I'm doing it.
>>
Don't do it by hand.

>> (ok, now a perl script does it, but there's no
>>reason for me to even store it like that in a file).
>>
>
>djbdns and PowerDNS (afaik) both do this already.
>
I disagree with any popular DNS providing this feature as it
promotes non-standard "standards" (think: Microsoft's active directory
service)

>This is a tool option, not a protocol thing.
>Next to that you might always be better off storing
>your hosts in a database and generating everything
>from that.
I agree with this =)

>PS: 2001:db8::/32 is a documentation prefix, which >is also very handy in examples ;) > >Greets, > Jeroen

-- Colin Faber FPSN.Net Development staff email: cfaber@fpsn.net

From netza at noc.udg.mx Thu Feb 12 16:56:11 2004
From: netza at noc.udg.mx (Netzahualcoyotl Ornelas García)
Date: Thu Feb 12 16:56:25 2004
Subject: [6bone] IPv6 problems with Cisco PIX Firewall 535 series
Message-ID: <00a301c3f1cc$2c658920$bf0fca94@ipv6.udg.mx>

Skipped content of type multipart/alternative

From psb at ast.cam.ac.uk Thu Feb 12 23:46:58 2004
From: psb at ast.cam.ac.uk (Peter Bunclark)
Date: Thu Feb 12 23:47:09 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNS consideredpointless)
In-Reply-To: <402C2058.4050504@fpsn.net>
References: <00fe01c3f19f$eff6f860$210d640a@unfix.org> <402C2058.4050504@fpsn.net>
Message-ID:

On Thu, 12 Feb 2004, Colin Faber wrote:

> Jeroen Massar wrote: > > > >Chuck Yerkes wrote: > > > >>I gotta say, though, that it would be nice if BIND let you describe > >>a zone file is "this is a reverse for BLAH" and let you put the > >>address in FORWARD as we are used to seeing it: > >>9ffe:666::22 > >> > >> > This would be impractical as it would break the domain name format, > [A-Za-z0-9.-] > > >>and let the damn parser turn that into what named wants to see.
> >> > >> > Reversing IPv6 in software is not that hard, Why couldn't it go the > other way? Have the parser take the officially blessed format and turn > it into your non-standard colon variation. > > >>I've made enough typos doing reverse by hand and don't understand > >>why I'm doing it. > >> > Don't do it by hand. > > >> (ok, now a perl script does it, but there's no > >>reason for me to even store it like that in a file). > >> > >djbdns and PowerDNS (afaik) both do this already. > > > I disagree with any popular DNS providing this feature as it > promotes non-standard "standards" (think: Microsoft's active directory > service)

I agree with Chuck, and we were kind of getting there with the bitstring proposed standard (but that is ugly, to say the least). Wouldn't it make reverse tables just so much easier to view, debug, and yes, create by hand, if you could do something like

+3ffe:1:2:3::4 PTR home.6bone.net

Pete.

From jeroen at unfix.org Fri Feb 13 03:01:46 2004
From: jeroen at unfix.org (Jeroen Massar)
Date: Fri Feb 13 03:02:09 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNSconsideredpointless)
In-Reply-To:
Message-ID: <003201c3f220$c6574830$210d640a@unfix.org>

Peter Bunclark wrote:

> I agree with Chuck, and we were kind of getting there with > the bitstring proposed standard (but that is ugly, to say the least). > Wouldn't it make reverse tables just so much easier to view, debug, and yes, create by > hand, if you could do something like > +3ffe:1:2:3::4 PTR home.6bone.net

That is a tool problem, create a simple script that makes reverses for you. djbdns and PowerDNS are such tools which allow that. Microsoft's DNS server btw allows registration, so does BIND, but in Windows it is on per default for domains + dhcp.

Hint: Long live SQL (and that fancy ip6_int.pl script ;).
> Colin Faber wrote: > > >Chuck Yerkes wrote: > > Jeroen Massar wrote: > > >> (ok, now a perl script does it, but there's no > > >>reason for me to even store it like that in a file). > > >> > > >djbdns and PowerDNS (afaik) both do this already. > > > > > I disagree with any popular DNS providing this feature as it > > promotes non-standard "standards" (think: Microsoft's active directory > > service)

You actually mean "I hate microsoft" as Dynamic DNS is a standard. FYI: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html (Repeat again ;)

Greets,
 Jeroen

From dean at ipnet6.org Fri Feb 13 04:03:24 2004
From: dean at ipnet6.org (Dean Strik)
Date: Fri Feb 13 04:03:32 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNSconsideredpointless)
In-Reply-To: <003201c3f220$c6574830$210d640a@unfix.org>
References: <003201c3f220$c6574830$210d640a@unfix.org>
Message-ID: <20040213120324.GC3887@dragon.stack.nl>

Jeroen Massar wrote:

> > > I disagree with any popular DNS providing this feature as it > > > promotes non-standard "standards" (think: Microsoft's active directory > > > service) > > You actually mean "I hate microsoft" as Dynamic DNS is a standard. > FYI: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html

I think you mean "proposed standard".

-- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/
"This isn't right. This isn't even wrong."
-- Wolfgang Pauli

From cfaber at fpsn.net Fri Feb 13 11:37:04 2004
From: cfaber at fpsn.net (Colin Faber)
Date: Fri Feb 13 11:36:44 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNSconsideredpointless)
In-Reply-To: <20040213120324.GC3887@dragon.stack.nl>
References: <003201c3f220$c6574830$210d640a@unfix.org> <20040213120324.GC3887@dragon.stack.nl>
Message-ID: <402D2760.3040200@fpsn.net>

Dean Strik wrote:

>Jeroen Massar wrote: > > >>>>I disagree with any popular DNS providing this feature as it >>>>promotes non-standard "standards" (think: Microsoft's active directory >>>>service) >>>> >>>> >>You actually mean "I hate microsoft" as Dynamic DNS is a standard. >>FYI: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html >> >> > >I think you mean "proposed standard".

Additionally unless I'm mistaken that standard still does not allow underscores '_' (something that MS ADS uses in host names)

-- Colin Faber FPSN.Net Development staff email: cfaber@fpsn.net

From jeroen at unfix.org Fri Feb 13 15:35:47 2004
From: jeroen at unfix.org (Jeroen Massar)
Date: Fri Feb 13 15:36:10 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverseDNSconsideredpointless)
In-Reply-To: <20040213120324.GC3887@dragon.stack.nl>
Message-ID: <004801c3f28a$1cc9c620$210d640a@unfix.org>

Dean Strik wrote:

> Jeroen Massar wrote: > > > > I disagree with any popular DNS providing this feature as it > > > > promotes non-standard "standards" (think: Microsoft's active directory > > > > service) > > > > You actually mean "I hate microsoft" as Dynamic DNS is a standard. > > FYI: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html > > I think you mean "proposed standard".

Many, at least most of, the RFC's are proposed standards and people of use protocols that are only in draft status. Nevertheless a protocol is a standard the second it reaches critical mass.
For instance there is no RFC nor an 'official documented' standard for eg KaZaA, but it is a standard because a lot of people use it, changing the protocol would break that. Same goes with the above DNS stuff. On similar notes,
wasn't in HTML, Netscape put it in there and IE and others followed, and after that the 'standard document' got adjusted to make it work. Same for the http://user:pass@.... thing and many others ;)

Colin Faber wrote:

> Additionally unless I'm mistaken that standard still does not allow > underscores '_' (something that MS ADS uses in host names)

Some implementations don't do IDN either, that doesn't mean that it isn't widely deployed ;)

Greets,
 Jeroen

From lathiat at sixlabs.org Fri Feb 13 21:33:50 2004
From: lathiat at sixlabs.org (Trent Lloyd)
Date: Fri Feb 13 21:34:16 2004
Subject: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au>
References: <20040120220645.GA2401@ping.be> <5.2.0.9.0.20040120203836.00b9c310@mail.addr.com> <20040205233441.GA17858@snew.com> <20040208180642.GU8040@Space.Net> <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au>
Message-ID: <20040214053350.GA2666@sixlabs.org>

> I think the power play has actually been really beneficial -- a lot more > ISPs have realised that reverse DNS is fundamentally pointless, even > more so in the Brave New World of IPv6.

I disagree, it is not pointless. Trying to remember someone by ip address (as you might see them in logs or on IRC for example) is rather irritating, as well as finding out where that person originates from. Secondly if your MTAs were correctly configured then if it doesn't have reverse DNS it would drop the connection.

Reverse DNS is useful, but it should be managed, as mentioned, by automated processes including dynamic updates from autoconf requests etc.
Having reverse DNS for privacy addresses however, is kind of stupid because it circumvents the whole point of the changing address for privacy.

That said, dead:cafe:beef:b00b makes half the world's uses for reverse DNS redundant :)

Cheers,
Trent
Sixlabs

--
[ Trent "Lathiat" Lloyd lathi@sixlabs.org ]/ "You sure as hell shouldn't be \
[ tlhIngan Hol Dajatlh'e www.sixlabs.org ]| fingering my toaster" -Linus |
[ GPG Key Id: 0x04AB3C5D www.bur.st ]| Torvalds, LCA2003 Speakers dinner|
[ IPv6 Conference http://conf.sixlabs.org ]\ talking about ipv6 with me /

From wildfire at progsoc.uts.edu.au Sat Feb 14 02:27:22 2004
From: wildfire at progsoc.uts.edu.au ('Anand Kumria')
Date: Sat Feb 14 02:27:44 2004
Subject: Dynamic DNS update on Windows for IPv6 was: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <010501c3eeb2$f74501b0$210d640a@unfix.org>
References: <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au> <010501c3eeb2$f74501b0$210d640a@unfix.org>
Message-ID: <20040214102721.GU21603@yeenoghu.progsoc.uts.edu.au>

On Mon, Feb 09, 2004 at 03:18:10AM +0100, Jeroen Massar wrote:

> Anand Kumria wrote: > > > Look at IPv4 to see how hard it is > > for people to manage < 2^8 in address for reverse, do you really expect > > people with 2^64 (or more) addresses to cope? > > Why not, never heard of DHCPv6, DDNS and automated > registration/scripting ? If you or your ISP can't then too bad ;)

Of course, and I use them daily.

> FYI: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html > Using a little scripting I have also made a Windows version, > sporting IPv6 support thus everything is possible.

If it isn't a problem, I'd actually be interested in seeing the script. It is something I've been meaning to look at but haven't found the time for us.
> There should be a document, which probably needs to be created as > I haven't seen one yet, defining how to make this all work, nice job > for the IETF v6ops group. A nice scenario on what to delegate to end > users and how endusers can easily populate it.

Well most time when I speak to ISPs the people there only make use of reverse DNS for:
a. network diagnostic
b. address description

The most common complaint I hear is that they'd love a way to identify a particular IP (or set thereof) as being 'webcaches' and not DoS machines, etc.

> Another solution would be to have synthesis in DNS. There is a > special ICMPv6 which can be used to query a host for it's hostname. > > See draft-ietf-ipngwg-icmp-name-lookups-10.txt, though I don't know > the exact status, KAME stacks have it, from ping6 man on BSD: > 8<----------- > -w Generate ICMPv6 Node Information DNS Name query, rather than > echo-request. -s has no effect if -w is specified. > - ----------->8 > > Thus: > jeroen@bfib:~$ ping6 -v -w hog > PING6(72=40+8+24 bytes) 2001:7b8:3:1e:290:27ff:fe0c:5c5e --> 2001:7b8:3:17:203:47ff:fe3b:3138 > 33 bytes from 2001:7b8:3:17:203:47ff:fe3b:3138: hog.ipng.nl. (TTL=0:meaningless) > 33 bytes from 2001:7b8:3:17:203:47ff:fe3b:3138: hog.ipng.nl. (TTL=0:meaningless)

Interesting, I wonder how that interacts with link-local names ...

> I still find laughable as one can usually say that not more > than 1000 people will be residing in the same /64 or even /48 > thus people coming from that prefix will be the same one

True.

> > I think the power play has actually been really beneficial -- > > a lot more ISPs have realised that reverse DNS is fundamentally pointless, even > > more so in the Brave New World of IPv6. > > The brave new world over here (Europe) works quite well, we simply > don't use 6bone that much anymore thus have been happily using > RIPE's ip6.int + ip6.arpa delegations.

Of course, you are in Europe and have a reasonable RIR. Over here we have APNIC.
Worse, in .au very few ISPs have been experimenting with IPv6. Most of them have only begun recently, and those that aren't listed at have an allocation within the Trumpet netblock (a few through me).

> ISP's doing the real thing > have already switched to RIR space a long time ago, usually after > having quite an extensive and happy testing time on the 6bone.

Since you can't get 6bone addresses any longer you are obliged to deal with your RIR (and few ISPs enjoy dealing with APNIC) or someone with an existing delegation.

> > The other cool thing about the power play has been highlighting the clique > > involved. Previously it was all somewhat behind the scenes -- at least > > this (terminably long) event has brought most of those > > involved out into the open. > > It was never behind the scenes, it was always quite > clear what was happening except for the fact that > some people didn't realize it. It is the same like > watching a soap show with someone who is following > it totally, they know what is happening but for a > onetime viewer it is yet another single episode.

Great, the IETF & co. as an episode of the ultimate dysfunctional family, 'The Simpsons' :-).

Cheers,
Anand

-- `` We are shaped by our thoughts, we become what we think. When the mind is pure, joy follows like a shadow that never leaves.
'' -- Buddha, The Dhammapada

From gert at space.net Sat Feb 14 02:51:27 2004
From: gert at space.net (Gert Doering)
Date: Sat Feb 14 02:51:33 2004
Subject: Dynamic DNS update on Windows for IPv6 was: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <20040214102721.GU21603@yeenoghu.progsoc.uts.edu.au>
References: <20040209013552.GL21603@yeenoghu.progsoc.uts.edu.au> <010501c3eeb2$f74501b0$210d640a@unfix.org> <20040214102721.GU21603@yeenoghu.progsoc.uts.edu.au>
Message-ID: <20040214105127.GN8040@Space.Net>

Hi,

On Sat, Feb 14, 2004 at 09:27:22PM +1100, 'Anand Kumria' wrote:

> > The brave new world over here (Europe) works quite well, we simply > > don't use 6bone that much anymore thus have been happily using > > RIPE's ip6.int + ip6.arpa delegations. > > Of course, you are in Europe and have a reasonable RIR. Over here we > have APNIC. Worse, in .au very few ISPs have been experimenting with > IPv6.

Now this sparks professional interest. What's "unreasonable" about APNIC? From my discussions with APNIC people, their policies and procedures are fairly similar to what RIPE does.

As for "ISPs not picking up IPv6" - well, yes, this is a problem, but not something APNIC can solve. It has improved *lots* over here in Europe, but still the largest part of the Internet is not v6 capable.
Gert Doering -- NetMaster
--
Total number of prefixes smaller than registry allocations: 58081 (57882)
SpaceNet AG  Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14  Tel : +49-89-32356-0
80807 Muenchen  Fax : +49-89-32356-299

From gert at space.net Sat Feb 14 02:53:46 2004
From: gert at space.net (Gert Doering)
Date: Sat Feb 14 02:53:52 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNS consideredpointless)
In-Reply-To:
References: <00fe01c3f19f$eff6f860$210d640a@unfix.org> <402C2058.4050504@fpsn.net>
Message-ID: <20040214105346.GO8040@Space.Net>

Hi,

On Fri, Feb 13, 2004 at 07:46:58AM +0000, Peter Bunclark wrote:

> > I disagree with any popular DNS providing this feature as it > > promotes non-standard "standards" (think: Microsoft's active directory > > service) > > > I agree with Chuck, and we were kind of getting there with the bitstring > proposed standard (but that is ugly, to say the least). Wouldn't it make > reverse tables just so much easier to view, debug, and yes, create by > hand, if you could do something like > +3ffe:1:2:3::4 PTR home.6bone.net

This is exactly the *problem* about the bitstring standard. To achieve the net result ("human readable IPv6 addresses in the reverse zone") you don't need to mess up the whole DNS *protocol* - this is a pure front-end issue.

Run your DNS zones through a perl mangler before feeding to BIND, and no need to change anything at protocol level.

And this is exactly what Jeroen has been saying: non-BIND-solutions already have these preprocessing capabilities.
Gert Doering -- NetMaster
--
Total number of prefixes smaller than registry allocations: 58081 (57882)
SpaceNet AG  Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14  Tel : +49-89-32356-0
80807 Muenchen  Fax : +49-89-32356-299

From gert at space.net Sat Feb 14 02:54:55 2004
From: gert at space.net (Gert Doering)
Date: Sat Feb 14 02:55:01 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNSconsideredpointless)
In-Reply-To: <402D2760.3040200@fpsn.net>
References: <003201c3f220$c6574830$210d640a@unfix.org> <20040213120324.GC3887@dragon.stack.nl> <402D2760.3040200@fpsn.net>
Message-ID: <20040214105455.GP8040@Space.Net>

Hi,

On Fri, Feb 13, 2004 at 12:37:04PM -0700, Colin Faber wrote:

> Additionally unless I'm mistaken that standard still does not allow > underscores '_' (something that MS ADS uses in host names)

The fact that MS doesn't adhere to the standard doesn't mean the *standard* needs changing ("that standard still does not allow..."). Yell at MS for breaking the RFCs.

Gert Doering -- NetMaster
--
Total number of prefixes smaller than registry allocations: 58081 (57882)
SpaceNet AG  Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14  Tel : +49-89-32356-0
80807 Muenchen  Fax : +49-89-32356-299

From lb-6bone at projectdream.org Sat Feb 14 03:02:43 2004
From: lb-6bone at projectdream.org (Lukas Beeler)
Date: Sat Feb 14 03:03:52 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNSconsideredpointless)
In-Reply-To: <20040214105455.GP8040@Space.Net>
References: <003201c3f220$c6574830$210d640a@unfix.org> <20040213120324.GC3887@dragon.stack.nl> <402D2760.3040200@fpsn.net> <20040214105455.GP8040@Space.Net>
Message-ID: <20040214110243.GA1776@may.projectdream.org>

* Gert Doering :
> On Fri, Feb 13, 2004 at 12:37:04PM -0700, Colin Faber wrote: > > Additionally unless I'm mistaken that standard still does not allow > > underscores '_' (something that MS ADS uses in host names) > The fact that MS doesn't adhere to the standard doesn't mean the
*standard* > needs changing ("that standard still does not allow...").

Citing http://www.rfc-editor.org/rfc/rfc2782.txt:

|Introductory example
|
| If a SRV-cognizant LDAP client wants to discover a LDAP server that
| supports TCP protocol and provides LDAP service for the domain
| example.com., it does a lookup of
|
| _ldap._tcp.example.com
[ .. ]
|Service
| The symbolic name of the desired service, as defined in Assigned
| Numbers [STD 2] or locally. An underscore (_) is prepended to
| the service identifier to avoid collisions with DNS labels that
| occur in nature.

Doesn't look like breaking a standard to me.

-- Today is the first day of the rest of our lives. http://www.suug.ch

From jeroen at unfix.org Sat Feb 14 04:14:10 2004
From: jeroen at unfix.org (Jeroen Massar)
Date: Sat Feb 14 04:15:51 2004
Subject: Dynamic DNS update on Windows for IPv6 was: reverse DNS considered pointless was: [6bone] Fwd: BCP 80, RFC 3681 on Delegation of E.F.F.3.IP6.ARPA
In-Reply-To: <20040214102721.GU21603@yeenoghu.progsoc.uts.edu.au>
Message-ID: <003201c3f2f4$0e48a610$210d640a@unfix.org>

'Anand Kumria' [mailto:wildfire@progsoc.uts.edu.au] wrote:

> On Mon, Feb 09, 2004 at 03:18:10AM +0100, Jeroen Massar wrote: > > Anand Kumria wrote: > > > > FYI: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html > > Using a little scripting I have also made a Windows version, > > sporting IPv6 support thus everything is possible. > > If it isn't a problem, I'd actually be interested in seeing > the script. > It is something I've been meaning to look at but haven't > found the time for us.
Just convert the unix stuff into NT stuff by adding some magick ;) See http://unfix.org/~jeroen/archive/Windows_DynamicDNS_Update.zip One will only need to convert the keys as mentioned above and change the config of course* ;)

> > There should be a document, which probably needs to be created as > > I haven't seen one yet, defining how to make this all work, nice job > > for the IETF v6ops group. A nice scenario on what to delegate to end > > users and how endusers can easily populate it. > > Well most time when I speak to ISPs the people there only make use of > reverse DNS for: > a. network diagnostic > b. address description > > The most common complaint I hear is that they'd love a way to > identify a particular IP (or set thereof) as being 'webcaches' and not > DoS machines, etc.

webcache01.isp.example.net
webcache02.isp.example.net
webcache03.isp.example.net
webcache04.isp.example.net
webcache05.isp.example.net

People can lookup real contact information in whois.

> > Another solution would be to have synthesis in DNS. There is a > > special ICMPv6 which can be used to query a host for it's hostname. > > > > See draft-ietf-ipngwg-icmp-name-lookups-10.txt, though I don't know > > the exact status, KAME stacks have it, from ping6 man on BSD: > > 8<----------- > > -w Generate ICMPv6 Node Information DNS Name query, rather than > > echo-request. -s has no effect if -w is specified. > > - ----------->8 > > > > Thus: > > jeroen@bfib:~$ ping6 -v -w hog > > PING6(72=40+8+24 bytes) 2001:7b8:3:1e:290:27ff:fe0c:5c5e --> 2001:7b8:3:17:203:47ff:fe3b:3138 > > 33 bytes from 2001:7b8:3:17:203:47ff:fe3b:3138: hog.ipng.nl. (TTL=0:meaningless) > > 33 bytes from 2001:7b8:3:17:203:47ff:fe3b:3138: hog.ipng.nl. (TTL=0:meaningless) > > > > Interesting, I wonder how that interacts with link-local names ...
That is why it is still in draft status ;) Anyways, it _always_ returns the 'hostname' as configured on the machine itself, which doesn't need to be the same in the forward zone, which will probably nicely point to it's global ipv6 address.

> > The brave new world over here (Europe) works quite well, we simply > > don't use 6bone that much anymore thus have been happily using > > RIPE's ip6.int + ip6.arpa delegations. > > Of course, you are in Europe and have a reasonable RIR. Over here we > have APNIC. Worse, in .au very few ISPs have been experimenting with > IPv6.

RIR's listen to their membership, thus call your vote at the meetings and the mailinglists if you don't like them and don't forget one very important thing: arguments. The above is as stupid as saying that "Bush is dumb". Which Bush and above all why is he dumb? (which CIA/FBI/NSA :)

Personally, seeing the responses from APNIC staff on messages I sent I would say that they were doing just as good a job as RIPE.

> Most of them have only begun recently, and those that > aren't listed > at have an > allocation within the Trumpet netblock (a few through me).

Then educate those ISP's... that is what we have been doing in .nl all the time and that *without* a "IPv6 Task Force" aka European Commission stuffed money. They are actually talking about making a TF for Holland, though I wonder why, probably just some bureaucratic way of getting rid of my tax money.

Don't blame APNIC that the ISP's in their region don't think of the future. Btw if they need a hand, we don't run SixXS for nothing, it is not only for Europe I might add...

> > ISP's doing the real thing > > have already switched to RIR space a long time ago, usually after > > having quite an extensive and happy testing time on the 6bone. > > Since you can't get 6bone addresses any longer you are obliged to deal > with your RIR (and few ISPs enjoy dealing with APNIC) or > someone with an existing delegation.
Of course you can still 'get', and use, for that matter, 6bone addresses, though no pTLA's. Also APNIC has special 'experimentation' space if you require that. Either way, pay APNIC their rates and fill in the forms, complying to them and they will be *glad* to give ISP's IPv6 space. ISP's do have to do a bit of work for it though and actually use it naturally.

Greets,
 Jeroen

(Specially for the people who noted my consequent fault at writing 'of course': * = see see I added a space in between 'of' and 'course' ;)

From gert at space.net Sat Feb 14 04:48:58 2004
From: gert at space.net (Gert Doering)
Date: Sat Feb 14 04:49:16 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNSconsideredpointless)
In-Reply-To: <20040214110243.GA1776@may.projectdream.org>
References: <003201c3f220$c6574830$210d640a@unfix.org> <20040213120324.GC3887@dragon.stack.nl> <402D2760.3040200@fpsn.net> <20040214105455.GP8040@Space.Net> <20040214110243.GA1776@may.projectdream.org>
Message-ID: <20040214124858.GT8040@Space.Net>

Hi,

On Sat, Feb 14, 2004 at 12:02:43PM +0100, Lukas Beeler wrote:

> * Gert Doering : > > On Fri, Feb 13, 2004 at 12:37:04PM -0700, Colin Faber wrote: > > > Additionally unless I'm mistaken that standard still does not allow > > > underscores '_' (something that MS ADS uses in host names) > > The fact that MS doesn't adhere to the standard doesn't mean the *standard* > > needs changing ("that standard still does not allow..."). > > Citing http://www.rfc-editor.org/rfc/rfc2782.txt:

Good point. Now the interesting question is - are the authors of RFC2782 aware that they violate DNS host name requirements, or are they even doing it *on purpose*, so that...
> | The symbolic name of the desired service, as defined in Assigned > | Numbers [STD 2] or locally. An underscore (_) is prepended to > | the service identifier to avoid collisions with DNS labels that > | occur in nature.

... no clash with "proper" DNS names can occur?

However, this is not really IPv6 related.

Gert Doering -- NetMaster
--
Total number of prefixes smaller than registry allocations: 58081 (57882)
SpaceNet AG  Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14  Tel : +49-89-32356-0
80807 Muenchen  Fax : +49-89-32356-299

From jorgen at hovland.cx Sat Feb 14 06:21:53 2004
From: jorgen at hovland.cx (Jørgen Hovland)
Date: Sat Feb 14 06:22:18 2004
Subject: [6bone] Re: reverse 6dns painful (was Re:reverse DNSconsideredpointless)
References: <003201c3f220$c6574830$210d640a@unfix.org><20040213120324.GC3887@dragon.stack.nl><402D2760.3040200@fpsn.net> <20040214105455.GP8040@Space.Net><20040214110243.GA1776@may.projectdream.org> <20040214124858.GT8040@Space.Net>
Message-ID: <023e01c3f305$e5d82680$ef39b3d5@klimax>

----- Original Message -----
From: "Gert Doering"
To: <6bone@ISI.EDU>
Sent: Saturday, February 14, 2004 1:48 PM
Subject: Re: [6bone] Re: reverse 6dns painful (was Re:reverse DNSconsideredpointless)

> Hi, > > On Sat, Feb 14, 2004 at 12:02:43PM +0100, Lukas Beeler wrote: > > * Gert Doering : > > > On Fri, Feb 13, 2004 at 12:37:04PM -0700, Colin Faber wrote: > > > > Additionally unless I'm mistaken that standard still does not allow > > > > underscores '_' (something that MS ADS uses in host names) > > > The fact that MS doesn't adhere to the standard doesn't mean the *standard* > > > needs changing ("that standard still does not allow..."). > > > > Citing http://www.rfc-editor.org/rfc/rfc2782.txt: > > Good point. Now the interesting question is - are the authors of RFC2782 > aware that they violate DNS host name requirements, or are they even > doing it *on purpose*, so that...
> > > | The symbolic name of the desired service, as defined in Assigned > > | Numbers [STD 2] or locally. An underscore (_) is prepended to > > | the service identifier to avoid collisions with DNS labels that > > | occur in nature. > > ... no clash with "proper" DNS names can occur?

There's another RFC, don't remember the number, _suggesting_ that underscore should be a valid character. There are a lot of unix os' filtering non-standard characters at the resolver level. As Jeroen said: "Nevertheless a protocol is a standard the second it reaches critical mass." Since there are TLD providers supporting almost raw UTF8 like .NU (I even know of a registrar supporting UTF16), not talking particularly about underscore here, I would say that it has already or will soon reach critical mass.

> > However, this is not really IPv6 related.

Just a tad.

Joergen Hovland

From edlewis at arin.net Sat Feb 14 08:12:19 2004
From: edlewis at arin.net (Edward Lewis)
Date: Sat Feb 14 08:12:32 2004
Subject: [6bone] Re: reverse 6dns painful (was Re: reverse DNSconsideredpointless)
In-Reply-To: <20040214124858.GT8040@Space.Net>
References: <003201c3f220$c6574830$210d640a@unfix.org> <20040213120324.GC3887@dragon.stack.nl> <402D2760.3040200@fpsn.net> <20040214105455.GP8040@Space.Net> <20040214110243.GA1776@may.projectdream.org> <20040214124858.GT8040@Space.Net>
Message-ID:

At 13:48 +0100 2/14/04, Gert Doering wrote:

>Good point. Now the interesting question is - are the authors of RFC2782 >aware that they violate DNS host name requirements, or are they even >doing it *on purpose*, so that...

I have no stance on reverse map for IPv6, but I do think an explanation of "what is standard" needs to be cleared up.

The authors are *not* violating "DNS host name requirements." The reigning confusion is over the difference between domain names and host names. DNS does not have host name requirements, per se.
DNS has domain name requirements and the DNS documents do make recommendations - the recommendations cause the confusion. In RFC 1034, sect. 3.1, top of page 8, in the middle of the discussion: "The rationale for this choice is that we may someday need to add full binary domain names for new services; existing services would not be changed." The intent then was to not restrict the contents of domain names. RFC 1123 is often cited as restricting what is in a label - it is a document on host requirements ("Requirements for Internet Hosts -- Application and Support"). Adding to the confusion is RFC 1035 which has this in it: #