[dns-wg] RIPE's MNAME recommendation

--On den 30 september 2005 13.19.41 +0200 Paul Herman
<pherman at cleverbridge.com> wrote:

> Hello dns-wg list!
> 
> SUMMARY:
> In short, in a SOA RR of ours we have an MNAME that corresponds to a
> primary master server which has a private IP address.  This is causing
> problems with many RIPE member registrars.

> Is it possible that RIPE could consider relaxing this "recommendation"
> that causes problems for RFC compliant zones?  How do you, the DNS
> community, feel about this?

I think not. The collateral damage of allowing this relaxation when applied
to another organisation, where there are slave servers that might not be in
the same routing domain[0] as the MNAME box (and thus not able to see the
RFC 1918 address, because 1918 says those addresses should stay in one
routing domain) would be un-nice. 

Basically, using RFC 1918 address space for central, critical
infrastructure that might get connections from arbitrary places on the net
is a bad idea. Allowing it in a policy document is even worse. 
-- 
Måns Nilsson                    Systems Specialist
+46 70 681 7204   cell                      KTHNOC
+46 8 790 6518  office                 MN1334-RIPE


[0] Many texts, ripe-192 being one of the more well-written ones,
explicitly talk about getting secondaries in Other Places(tm), which means
that you probably, as a slave, are not seeing the same 192.168.47.11 as the
other servers, if the MNAME resolves to a RFC 1918 address. This also is
messy
with dynamic updates. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: </ripe/mail/archives/dns-wg/attachments/20050930/6f80fa40/attachment.sig>