This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] RIPE's MNAME recommendation

Previous message (by thread): [dns-wg] RIPE's MNAME recommendation
Next message (by thread): [dns-wg] RIPE's MNAME recommendation

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Paul Herman pherman at cleverbridge.com
Tue Oct 4 10:12:05 CEST 2005

[Just replying to some random message in the thread]

Excellent discussion, and I'm grateful for everyone's contribution.

Two points have essentially been brought up in this thread: 1) private 
MNAMEs lead to RFC 1918 pollution and 2) RIPE-203 is not policy but 
just a recommendation.

Many people commented that if the MNAME server points to a private RFC 
1918 A RR then this contributes exposure of the RFC 1918 address space 
to the rest of the internet.  While this statement is true, it is 
important to note that RFC 1918 pollution exists IFF the zone exposes 
RFC 1918 addresses via A, PTR (or AAAA?) RRs and not MNAME entries as 
some suggested.  In fact, it surprised me that RFC 1918 addresses 
became such an issue in this thread, because MNAME doesn't point to an 
address, only a machine domain name.  I am more concerned with whether 
MNAMEs should be required to resolve, and not what they should resolve to.

...(Appologies offered for the oversimplified "example.com" zone I 
presented in my original post.  It is not a real zone of ours, and was 
merely intended to illustrate the structure of the the name server 
relationships.  You can all rest assured that all querries to private 
RRs are answered only within our private network)...

As to RIPE-203 being neither policy nor standard but simply a 
recommendation, I may have been unlucky but based upon this very MNAME 
issue I have had one zone flat rejected by two registrars and was told 
by another after some discussion quite authoritatively that although 
they would let it slide, DENIC wouldn't allow it and the same would go 
for any .CH or .AT domain.  I'm currently batting 1 for 3 against.

It's been my experience that the registrars typically run their web 
scripts on the zone and if it doesn't pass their test (which include 
the RIPE-203 recommendations), then your request is rejected.  After 
you call them and finally reach someone who can help you, they point 
to RIPE-203, end of discussion.  I have no problem trying to take this 
up with individual registrars but it feels like battling windmills.  I 
have a stealth primary master with a private IP, no RFC 1918 address 
pollution and no dynamic updates configured for this zone at all. What 
is a sysadmin to do?

Looking forward to what fruit the upcoming DNS WG will bear...

Regards,
Paul Herman

Network Architect
cleverbrige AG
www.cleverbridge.com

Previous message (by thread): [dns-wg] RIPE's MNAME recommendation
Next message (by thread): [dns-wg] RIPE's MNAME recommendation

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]