Re: [DNSOP] DNS names for local networks - not only home residential networks ...

Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 04 September 2017 14:59 UTC

Date: Mon, 04 Sep 2017 16:59:16 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: "Walter H." <walter.h@mathemainzel.info>
Cc: Mark Andrews <marka@isc.org>, "dnsop@ietf.org" <dnsop@ietf.org>
Message-ID: <20170904145916.ccuvetldvao7s47h@nic.fr>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.DEB.2.11.1709012044210.2676@grey.csi.cam.ac.uk> <59A9BCA2.6060008@mathemainzel.info> <20170903043202.GA18082@besserwisser.org> <59AC4E42.9080600@mathemainzel.info> <60304450-DFA3-4982-B01D-CC33C49BDCFC@isc.org> <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>
In-Reply-To: <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>
Organization: NIC France
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5RklFA5Joq_gy7EDk9C4lE-AsLc>

On Mon, Sep 04, 2017 at 08:12:39AM +0200,
 Walter H. <walter.h@mathemainzel.info> wrote 
 a message of 23 lines which said:

> the 1st: uniqueness is not a requirement here

Serious mistake. Companies merge, and are bought. Any netadmin had, at
least once in his professional life, to manage RFC 1918 networks
merging and colliding after some corporate change.

If it's not realistic to switch from .local to the proper
.private.mycompany.com to follow Best Practices, then it is certainly
not realistic to do so when two companies merge, and their .local
collide.

> the 2nd: global knowledge of locally used names might raise a
> security problem ...

You don't have to make the nameservers reachable from the outside. Most
of the time, name servers for .private.mycompany.com are
internal-only.
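An added illustration of the collision argument above (example code, not from this thread or any of its participants): two constructed internal zones that both use the ambiguous ".local" suffix are checked for owner names that would become ambiguous after a merge, then re-qualified under unique per-company suffixes (the suffixes "private.companya.example" and "private.companyb.example" are assumed placeholders) and checked again.

```python
# Added example: owner-name collisions between two internal ".local" zones
# versus the same zones under globally unique suffixes. All records are
# constructed sample data, not real hosts.
from collections import defaultdict

# Constructed sample zones: (owner name, type, rdata) triples.
ZONE_A = [
    ("printer.local", "A", "10.1.0.5"),
    ("fileserver.local", "A", "10.1.0.10"),
    ("intranet.local", "A", "10.1.0.20"),
]
ZONE_B = [
    ("printer.local", "A", "10.2.0.5"),      # same name, different host
    ("fileserver.local", "A", "10.2.0.10"),
    ("wiki.local", "A", "10.2.0.30"),
]

def normalize(name: str) -> str:
    """DNS names are case-insensitive; compare them in one canonical form."""
    return name.rstrip(".").lower() + "."

def find_collisions(*zones):
    """Return {owner: set(rdata)} for names that appear with differing rdata
    across the given zones, i.e. names that become ambiguous after a merge.
    The same name with identical rdata in both zones is not a conflict."""
    seen = defaultdict(set)
    for zone in zones:
        for owner, rtype, rdata in zone:
            seen[(normalize(owner), rtype)].add(rdata)
    return {owner: rd for (owner, _), rd in seen.items() if len(rd) > 1}

def requalify(zone, old_suffix: str, new_suffix: str):
    """Move every record from an ambiguous suffix (e.g. 'local') to a unique
    one under a domain the company controls (assumed placeholder suffixes)."""
    old = "." + old_suffix.strip(".") + "."
    new = "." + new_suffix.strip(".") + "."
    out = []
    for owner, rtype, rdata in zone:
        n = normalize(owner)
        if not n.endswith(old):
            raise ValueError(f"{owner} is not under {old_suffix}")
        out.append((n[: -len(old)] + new, rtype, rdata))
    return out

if __name__ == "__main__":
    print("collisions under .local:", find_collisions(ZONE_A, ZONE_B))
    a = requalify(ZONE_A, "local", "private.companya.example")
    b = requalify(ZONE_B, "local", "private.companyb.example")
    print("collisions after requalifying:", find_collisions(a, b))
```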