This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] RIPE's MNAME recommendation
- Previous message (by thread): [dns-wg] Fwd: [dns-wg-chair] 2005-07 One Week to End of Discussion Period
- Next message (by thread): [dns-wg] RIPE's MNAME recommendation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Paul Herman
pherman at cleverbridge.com
Fri Sep 30 13:19:41 CEST 2005
Hello dns-wg list! SUMMARY: In short, in a SOA RR of ours we have an MNAME that corresponds to a primary master server which has a private IP address. This is causing problems with many RIPE member registrars. PROBLEM: Using the language described in Section 2.1 of [RFC 1996], we have a primary master DNS server and two slave DNS servers. The primary master has a private [RFC 1918] IP address and the Slaves have public IP address, are named in the NS RRs for the zone and use zone transfer to recieve the zone from the primary master. Furthermore, in accordance with [RFC 1996], [RPC 1035] and [RIPE1] I have named the primary master as the original/primary source of the data for the zone. Here is an example zone file from what I'm talking about: example.com. 3600 SOA dns.private.example.com. hostmaster.example.com. ( 1999022301 ; serial YYYYMMDDnn 86400 ; refresh ( 24 hours) 7200 ; retry ( 2 hours) 3600000 ; expire (1000 hours) 172800 ) ; minimum ( 2 days) NS slave1.example.com. NS slave2.example.com. slave1 A {public-ip} slave2 A {public-ip} dns.private A 10.11.12.13 So far so good. Our zone appears to be fully RFC compliant. However, the problem arises when I try to transfer, say, the ownership of a ".de" zone using DENIC, because [RIPE1] additionally recommends that this be a valid address of the primary master, "valid" being the key word here. This is a problem, because many RIPE member registrars are indeed enforcing this policy. I gather, however, from more recent messages from Mr. Koch (who authored [RIPE1]), that the "MNAME field need not be part of the NS RRSet and need not be accessible." [ICANN-FORUM]. BTW, to my knowledge this is also neither enforced by IANA nor ICANN. Is it possible that RIPE could consider relaxing this "recommendation" that causes problems for RFC compliant zones? How do you, the DNS community, feel about this? Thank you for your attention in this matter. With kindest regards, Paul Herman Network Architect cleverbrige AG www.cleverbridge.com REFERENCES: ---------- [RFC 1035] Mockapetris,P., "Domain Names - Implementation and Specification", RFC 1035, STD 13, November 1987 [RFC 1918] Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. "Address Allocation for Private Internets." February 1996 [RFC 1996] Vixie,P., "A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)", RFC 1996, August 1996 [ICANN-FORUM] http://forum.icann.org/lists/iana-del-data-comments/msg00004.html [RIPE1] Koch,P., "Recommendations for DNS SOA Values", ripe-203, http://www.ripe.net/ripe/docs/ripe-203.html , June 1999
- Previous message (by thread): [dns-wg] Fwd: [dns-wg-chair] 2005-07 One Week to End of Discussion Period
- Next message (by thread): [dns-wg] RIPE's MNAME recommendation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]