[dns-wg] RIPE's MNAME recommendation

On Sep 30, 2005, at 17:24, Daniel Karrenberg wrote:

> All the words were written before hidden masters were necessary or  
> invented.
>
> Whether SOAs are used to determine recipients of NOTIFY is a local  
> matter.
> I do not think there need to be standards or recommendataions about  
> that.
>
> So the recommendation should be to put into the MNAME field the domain
> name of an authoritative name server that allows AXFRs and is the
> intended target for dynamic updates.  The difficult question is  
> what to
> put there if there is no such server.  It is perfectly OK to not  
> use or
> allow AXFR and not to use dynamic updates.
>
> I have no bright ideas here. But what should be recognised is that  
> there
> may be no such server.

As said on this list earlier, the fact is that software deployed do  
use the MNAME field to try to do dynamic update to and other kind of  
access. Because of this, for me the MNAME field is in reality a field  
of data that helps leakage of RFC 1918 addresses if the hostname in  
MNAME is having such an IP address. This in turn forces to fall under  
the category of "things that should not have RFC 1918 data".

The question is then, as Daniel says, what to put in the MNAME field,  
as we have conflicting requirements. That it lists the hostname that  
is the primary master, and that it should not expose RFC 1918 addresses.

My suggestion would be to put a domain name there in the domain that  
hosts the domain, a hostname that can receive the traffic generated  
by any tool that uses the mname in the SOA for something.

     Patrik