DHCPv6 and MAC Address inclusion
Simon Hobson
dhcp1 at thehobsons.co.uk
Wed Jan 25 18:21:28 UTC 2012
José Queiroz wrote:
>>it will work for some, but it's not a good idea
>>for public services. Simple example, what if
>>you want to move a service to a different
>>machine? Using EUI-64 addresses means you
>>either have to change the MAC on the new host
>>to match, or change the DNS and wait while it
>>propagates - with a day or 2 of parallel
>>running while caches expire.
>
>Well, you can work out DNS to reduce this time.
>And if you have the intention of moving the
>services, maybe using anycast addresses can
>solve the problem.
I was specifically responding to the idea of
using EUI-64 addresses to get round the problem
of DHCP and unknown client hardware. While I know
you can reduce the TTL (if you plan in advance),
that's no guarantee for two reasons:
1) Some services either ignore TTL or force it to
a minimum value - so the fact that you are
handing out (say) 5 minutes doesn't guarantee
that someone won't cache it for 24 hours.
2) Some services have a long update cycle. We use
one at work for additional dispersed DNS servers
(I'm responsible for authoritative DNS for about
600 domains at work). Rather than responding to
notifications and updating immediately as BIND
does, their system checks the master serial
number once an hour when they do a mass rebuild -
any updates are pulled then and will appear when
the rebuild is complete and rolls out. Changes
can take up to 2 hours to appear if you just miss
their poll.
As you say, there are many ways to deal with it -
EUI-64 addresses are one technique that could
suit some, as long as they know its limitations.
Personally I dislike EUI-64 addresses because of
what they reveal. For that reason alone, I'd like
to be running DHCP internally so I can easily
switch addresses round periodically. I can't use
the privacy options at the moment on my laptop as
that will break my IPv6 setup at work.
>Well, you shall never doubt people's ability to
>create new ways of doing silly things.
Yes, just when you think you've got it foolproof, they invent a better fool :D
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.