[IPv6] Managing dynamic /64 reverse zones inside a static /48 (no delegation)

[Nicolas C.]

Hello,

Since 2005, we are manually managing a /48 IPv6 prefix with a homemade 
software, our reverse zone is x.x.x.x.0.6.6.0.1.0.0.2.ip6.arpa.

We are now deploying dynamic/private networks for our workstations and 
to keep the IPv6 reverse zone up-to-date without rewriting our software, 
we came with the following solution : we create a /64 zone within the 
/48 and we allow dynamic updates on it (e.g. 
0.0.1.0.x.x.x.x.0.6.6.0.1.0.0.2.ip6.arpa.).

The PTR records on the dynamic /64 are for workstations, we don't do 
delegation with the /48 and so the /64 is not visible on our external 
view, this keeps our "private" prefix private.

As far as our software won't create PTR on a dynamic /64 and that the 
DHCP server isn't allowed to update the /48, is this setup can be 
considered safe?

It's working exactly as expected and I'm about to create dozens of /64 
IPv6 reverse zones, so I'm checking here in case I forgot something.

Regards,

Nicolas