Re: [dns-wg] RIPE's MNAME recommendation
To: Daniel Karrenberg <>
From: Patrik Fältström <>
Date: Sat, 1 Oct 2005 12:40:09 +0200
Authentication-results: imail.cisco.com; header.From=paf@localhost dkim=pass (message from cisco.com verified; );
Cc: Roy Arends <>, Paul Herman <>,
On Sep 30, 2005, at 17:24, Daniel Karrenberg wrote:
> All the words were written before hidden masters were necessary or
> invented.
> Whether SOAs are used to determine recipients of NOTIFY is a local
> matter.
> I do not think there need to be standards or recommendations about
> that.
> So the recommendation should be to put into the MNAME field the domain
> name of an authoritative name server that allows AXFRs and is the
> intended target for dynamic updates. The difficult question is what to
> put there if there is no such server. It is perfectly OK to not use or
> allow AXFR and not to use dynamic updates.
> I have no bright ideas here. But what should be recognised is that there
> may be no such server.
As said on this list earlier, the fact is that deployed software does
use the MNAME field to try to do dynamic updates to, and other kinds of
access. Because of this, for me the MNAME field is in reality a field
of data that helps leakage of RFC 1918 addresses if the hostname in
MNAME has such an IP address. This in turn forces it to fall under
the category of "things that should not have RFC 1918 data".
The question is then, as Daniel says, what to put in the MNAME field,
as we have conflicting requirements: that it lists the hostname that
is the primary master, and that it should not expose RFC 1918 addresses.
My suggestion would be to put a domain name there in the domain that
hosts the domain, a hostname that can receive the traffic generated
by any tool that uses the mname in the SOA for something.
Patrik
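
An added example, not part of the original message: one way a zone operator could check for the leak discussed above, by reading zone data and flagging any SOA MNAME whose address records fall inside the RFC 1918 blocks. The zone contents, host names and function names are constructed for illustration, and the parser assumes one fully qualified record per line.

```python
import ipaddress

# The three RFC 1918 private blocks (explicit, since is_private covers more).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone data (one record per line, fully qualified names).
SAMPLE_ZONE = """\
example.org. 3600 IN SOA ns-hidden.example.org. hostmaster.example.org. 2005100101 7200 3600 604800 3600
example.org. 3600 IN NS ns1.example.org.
ns1.example.org. 3600 IN A 192.0.2.53
ns-hidden.example.org. 3600 IN A 10.1.2.3
"""

def parse_records(zone_text):
    """Yield (owner, rtype, rdata_fields) from simple one-line records."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        # Expected layout: owner TTL CLASS TYPE RDATA...
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        yield fields[0].lower(), fields[3].upper(), fields[4:]

def audit_mname(zone_text):
    """Return {zone: (mname, verdict, [addresses])} for each SOA found."""
    addrs, soas = {}, {}
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "A":
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata[0]))
        elif rtype == "SOA":
            soas[owner] = rdata[0].lower()   # first SOA RDATA field is MNAME
    report = {}
    for zone, mname in soas.items():
        found = addrs.get(mname, [])
        private = [str(a) for a in found if any(a in n for n in RFC1918)]
        if not found:
            verdict = "no-address-in-zone"   # MNAME names no host we can see
        elif private:
            verdict = "rfc1918-leak"
        else:
            verdict = "ok"
        report[zone] = (mname, verdict, private or [str(a) for a in found])
    return report

if __name__ == "__main__":
    for zone, result in audit_mname(SAMPLE_ZONE).items():
        print(zone, *result)
```

The "no-address-in-zone" verdict covers the case raised in the thread where MNAME does not point at a server described in the zone itself.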