On Nov 16, 2010, at 6:13 PM, Michael Schneider/calispera.com wrote:
Fredrik Pettai <pettai@nordu.net> wrote on 16.11.2010 16:02:09:
For the home user that's fine, but maybe not for a enterprise network. ack.
It's not just about provisioning DNS/resolver configuration to clients. It's about access control, e.g. to be able to centrally manage which client that are connected/assigned an IP. DHCP is IMHO not the right way to implement access control. What is your security credential in this solution?
Maybe I used the wrong wording here, maybe "inventory/provisioning system" is describing it better. Sorry.
I understand what you mean, but i think this is not a primary requirement for dhcp. In my view the use of dhcp for access control in your example is only a workaround and can`t be the solution for security.
Traceability e.g. which client where connect a specific time etc. to name a few of the common things you do with a centralized DHCP(v4) solution today. Please understand me right, i think we must have a look from the requirements side. IMHO we must consider the IPv4 solutions for IPv6 and perhaps can`t use it 1to1 in the IPv6-world.
No, I can agree with that. But what other alternatives do we have today (even counting drafts)? /P