Re: [dns-wg] RIPE's MNAME recommendation
From: Paul Herman <>
Date: Tue, 04 Oct 2005 10:12:05 +0200

[Just replying to some random message in the thread]

Excellent discussion, and I'm grateful for everyone's contribution.

Two points have essentially been brought up in this thread: 1) private
MNAMEs lead to RFC 1918 pollution and 2) RIPE-203 is not policy but
just a recommendation.

Many people commented that if the MNAME server points to a private RFC
1918 A RR then this contributes to exposure of the RFC 1918 address space
to the rest of the internet. While this statement is true, it is
important to note that RFC 1918 pollution exists IFF the zone exposes
RFC 1918 addresses via A, PTR (or AAAA?) RRs and not MNAME entries as
some suggested. In fact, it surprised me that RFC 1918 addresses
became such an issue in this thread, because MNAME doesn't point to an
address, only a machine domain name. I am more concerned with whether
MNAMEs should be required to resolve, and not what they should resolve to.

...(Apologies offered for the oversimplified "example.com" zone I
presented in my original post. It is not a real zone of ours, and was
merely intended to illustrate the structure of the name server
relationships. You can all rest assured that all queries to private
RRs are answered only within our private network)...

As to RIPE-203 being neither policy nor standard but simply a
recommendation, I may have been unlucky but based upon this very MNAME
issue I have had one zone flat rejected by two registrars and was told
by another after some discussion quite authoritatively that although
they would let it slide, DENIC wouldn't allow it and the same would go
for any .CH or .AT domain. I'm currently batting 1 for 3 against.

It's been my experience that the registrars typically run their web
scripts on the zone and if it doesn't pass their test (which includes
the RIPE-203 recommendations), then your request is rejected. After
you call them and finally reach someone who can help you, they point
to RIPE-203, end of discussion. I have no problem trying to take this
up with individual registrars but it feels like battling windmills. I
have a stealth primary master with a private IP, no RFC 1918 address
pollution and no dynamic updates configured for this zone at all. What
is a sysadmin to do?

Looking forward to what fruit the upcoming DNS WG will bear...

Regards,
Paul Herman
Network Architect
cleverbridge AG
www.cleverbridge.com
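
The distinction the message draws between an MNAME that does not resolve and a zone that publishes RFC 1918 addresses, written as a zone check. This is an added example, not part of the original post; the sample zone, the function names and the rule that resolution is judged only from address records in the published zone text are assumptions.

```python
import ipaddress

# RFC 1918 private IPv4 ranges. The RFC defines no IPv6 ranges, so AAAA data is not checked.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a publicly served zone: the stealth primary is named in
# the SOA MNAME field, but no address record for it is published.
SAMPLE_ZONE = """\
example.com.      SOA master.example.com. hostmaster.example.com. 2005100401 3600 900 604800 3600
example.com.      NS  ns1.example.com.
example.com.      NS  ns2.example.com.
ns1.example.com.  A   192.0.2.53
ns2.example.com.  A   198.51.100.53
www.example.com.  A   192.0.2.80
"""

def is_rfc1918(addr):
    """True only for a valid IPv4 address inside one of the three RFC 1918 ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in RFC1918)

def ptr_owner_to_ip(owner):
    """Turn '5.1.168.192.in-addr.arpa.' into '192.168.1.5'; None if not a full IPv4 PTR name."""
    labels = owner.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))

def audit_zone(text):
    """Report the MNAME, whether the zone publishes an address for it, and RFC 1918 exposure."""
    records = [l.split() for l in text.splitlines() if l.strip() and not l.startswith(";")]
    mname, leaks, with_address = None, [], set()
    for owner, rtype, *rdata in records:
        owner, rtype = owner.lower(), rtype.upper()
        if rtype == "SOA":
            mname = rdata[0].lower()          # MNAME is a domain name, not an address
        elif rtype in ("A", "AAAA"):
            with_address.add(owner)
            if rtype == "A" and is_rfc1918(rdata[0]):
                leaks.append((owner, "A", rdata[0]))
        elif rtype == "PTR":
            ip = ptr_owner_to_ip(owner)
            if ip and is_rfc1918(ip):
                leaks.append((owner, "PTR", ip))
    return {"mname": mname, "mname_resolves": mname in with_address, "rfc1918_leaks": leaks}
```

On the constructed sample, `audit_zone(SAMPLE_ZONE)` reports an MNAME with no published address and an empty leak list, so the two conditions are evaluated independently.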