This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] RIPE's MNAME recommendation
Paul Herman
pherman at cleverbridge.com
Tue Oct 4 10:12:05 CEST 2005
[Just replying to some random message in the thread]

Excellent discussion, and I'm grateful for everyone's contribution. Two points have essentially been brought up in this thread: 1) private MNAMEs lead to RFC 1918 pollution and 2) RIPE-203 is not policy but just a recommendation.

Many people commented that if the MNAME server points to a private RFC 1918 A RR then this contributes to exposure of the RFC 1918 address space to the rest of the internet. While this statement is true, it is important to note that RFC 1918 pollution exists IFF the zone exposes RFC 1918 addresses via A, PTR (or AAAA?) RRs and not MNAME entries as some suggested. In fact, it surprised me that RFC 1918 addresses became such an issue in this thread, because MNAME doesn't point to an address, only a machine domain name. I am more concerned with whether MNAMEs should be required to resolve, and not what they should resolve to.

...(Apologies offered for the oversimplified "example.com" zone I presented in my original post. It is not a real zone of ours, and was merely intended to illustrate the structure of the name server relationships. You can all rest assured that all queries to private RRs are answered only within our private network)...

As to RIPE-203 being neither policy nor standard but simply a recommendation, I may have been unlucky but based upon this very MNAME issue I have had one zone flat rejected by two registrars and was told by another after some discussion quite authoritatively that although they would let it slide, DENIC wouldn't allow it and the same would go for any .CH or .AT domain. I'm currently batting 1 for 3 against. It's been my experience that the registrars typically run their web scripts on the zone and if it doesn't pass their test (which includes the RIPE-203 recommendations), then your request is rejected. After you call them and finally reach someone who can help you, they point to RIPE-203, end of discussion.

I have no problem trying to take this up with individual registrars but it feels like battling windmills. I have a stealth primary master with a private IP, no RFC 1918 address pollution and no dynamic updates configured for this zone at all. What is a sysadmin to do?

Looking forward to what fruit the upcoming DNS WG will bear...

Regards,
Paul Herman
Network Architect
cleverbridge AG
www.cleverbridge.com
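
Added example, not part of the original message: the two properties the message separates (whether the SOA MNAME resolves in the public view, and whether any A or PTR RR exposes an RFC 1918 address) checked independently over a constructed zone. The zone contents, addresses and function names are assumptions for illustration, and the MNAME is assumed to live inside the zone being checked; a real check would query a resolver.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUFFIX = ".in-addr.arpa."

# Constructed public view: (owner, type, rdata). The stealth primary
# master.example.com. deliberately has no address record here.
PUBLIC_ZONE = [
    ("example.com.", "SOA", "master.example.com. hostmaster.example.com. "
                            "2005100401 3600 900 604800 3600"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "ns2.example.com."),
    ("ns1.example.com.", "A", "192.0.2.53"),
    ("ns2.example.com.", "A", "198.51.100.53"),
]
# Same zone after publishing the primary's private address so the MNAME resolves.
LEAKY_ZONE = PUBLIC_ZONE + [("master.example.com.", "A", "10.0.0.5")]

def soa_mname(records):
    """Return the MNAME (first SOA rdata field), lower-cased."""
    for _owner, rtype, rdata in records:
        if rtype == "SOA":
            return rdata.split()[0].lower()
    raise ValueError("zone has no SOA record")

def mname_resolves(records):
    """True if the MNAME owns an A or AAAA record in this view."""
    mname = soa_mname(records)
    return any(o.lower() == mname and t in ("A", "AAAA") for o, t, _ in records)

def _address(owner, rtype, rdata):
    """IPv4 address exposed by an A record or a reverse-zone PTR owner name."""
    if rtype == "A":
        return ipaddress.ip_address(rdata)
    if rtype == "PTR" and owner.lower().endswith(SUFFIX):
        labels = owner[:-len(SUFFIX)].split(".")
        if len(labels) == 4:
            return ipaddress.ip_address(".".join(reversed(labels)))
    return None

def rfc1918_leaks(records):
    """List (owner, type, address) for every RR exposing a private address."""
    leaks = []
    for owner, rtype, rdata in records:
        addr = _address(owner, rtype, rdata)
        if addr is not None and any(addr in net for net in RFC1918):
            leaks.append((owner, rtype, str(addr)))
    return leaks

if __name__ == "__main__":
    for label, zone in (("public", PUBLIC_ZONE), ("leaky", LEAKY_ZONE)):
        print(label, soa_mname(zone), mname_resolves(zone), rfc1918_leaks(zone))
```
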