Re: [DNSOP] DNS names for local networks - not only home residental networks ...
Måns Nilsson <mansaxel@besserwisser.org> Sun, 03 September 2017 04:32 UTC
Return-Path: <mansaxel@besserwisser.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3908F132925 for <dnsop@ietfa.amsl.com>; Sat, 2 Sep 2017 21:32:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TAgpxaufa-1m for <dnsop@ietfa.amsl.com>; Sat, 2 Sep 2017 21:32:04 -0700 (PDT)
Received: from jaja.besserwisser.org (jaja.besserwisser.org [192.36.115.55]) by ietfa.amsl.com (Postfix) with ESMTP id 79C1B1328DB for <dnsop@ietf.org>; Sat, 2 Sep 2017 21:32:04 -0700 (PDT)
Received: by jaja.besserwisser.org (Postfix, from userid 1004) id A66F39E40; Sun, 3 Sep 2017 06:32:02 +0200 (CEST)
Date: Sun, 03 Sep 2017 06:32:02 +0200
From: Måns Nilsson <mansaxel@besserwisser.org>
To: "Walter H." <Walter.H@mathemainzel.info>
Cc: Tony Finch <dot@dotat.at>, "dnsop@ietf.org" <dnsop@ietf.org>
Message-ID: <20170903043202.GA18082@besserwisser.org>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.DEB.2.11.1709012044210.2676@grey.csi.cam.ac.uk> <59A9BCA2.6060008@mathemainzel.info>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1"
Content-Disposition: inline
In-Reply-To: <59A9BCA2.6060008@mathemainzel.info>
X-URL: http://vvv.besserwisser.org
X-Clacks-Overhead: "GNU Sir Terry Pratchett"
X-Purpose: More of everything NOW!
X-happyness: Life is good.
User-Agent: Mutt/1.7.2 (2016-11-26)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/spmrgo3L8enj4r8JRV3V_zySHas>
Subject: Re: [DNSOP] DNS names for local networks - not only home residental networks ...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Sep 2017 04:32:06 -0000
Subject: Re: [DNSOP] DNS names for local networks - not only home residental networks ... Date: Fri, Sep 01, 2017 at 10:01:38PM +0200 Quoting Walter H. (Walter.H@mathemainzel.info): > On 01.09.2017 21:47, Tony Finch wrote: > > Corporate environments are a somewhat different matter, since you can > > expect them to own their own domain name and have people who can set up > > devices to use it. > BUT this need not necessarily be a public domain ..., just think of Active > Directory Domains ... AD is DNS, and it follows the same rules. A sub-domain, a separate domain or two-face (using the same domain name as you public-facing resources but a different set of authoritative servers and some careful setup of full-service resolvers), all work. The single thing that does not work is to use name-space you do not own (like LOCAL or a domain name from a non-existent TLD, like "web". Ooops. It does now...) and hope it doesn't escape. Or that somebody registers the name and tries to impersonate you. I've run two-face, and the results were excellent. But watch out with DNSSEC; you need to have the same keys signing both zones. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE SA0XLR +46 705 989668 Our father who art in heaven ... I sincerely pray that SOMEBODY at this table will PAY for my SHREDDED WHAT and ENGLISH MUFFIN ... and also leave a GENEROUS TIP ....
- [DNSOP] DNS names for local networks - not only h… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNS names for local networks - not on… Paul Wouters
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNS names for local networks - not on… Paul Wouters
- Re: [DNSOP] DNS names for local networks - not on… Warren Kumari
- Re: [DNSOP] DNS names for local networks - not on… Ralph Droms
- Re: [DNSOP] DNS names for local networks - not on… Warren Kumari
- Re: [DNSOP] DNS names for local networks - not on… Paul Vixie
- Re: [DNSOP] DNS names for local networks - not on… Måns Nilsson
- Re: [DNSOP] DNS names for local networks - not on… Andrew Sullivan
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Mark Andrews
- Re: [DNSOP] DNS names for local networks - not on… Paul Hoffman
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- [DNSOP] DNSSEC in local networks Jim Reid
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Jim Reid
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Måns Nilsson
- Re: [DNSOP] DNSSEC in local networks Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNSSEC in local networks Petr Špaček
- Re: [DNSOP] DNS names for local networks - not on… Stephane Bortzmeyer
- Re: [DNSOP] DNS names for local networks - not on… Stephane Bortzmeyer
- Re: [DNSOP] DNSSEC in local networks Stephane Bortzmeyer
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNSSEC in local networks Stephane Bortzmeyer
- Re: [DNSOP] DNSSEC in local networks Paul Vixie
- Re: [DNSOP] DNSSEC in local networks Tony Finch
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNSSEC in local networks Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Paul Vixie
- Re: [DNSOP] DNS names for local networks - not on… Michael H. Warfield
- Re: [DNSOP] DNS names for local networks - not on… Lyndon Nerenberg
- Re: [DNSOP] DNS names for local networks - not on… Mark Andrews
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNSSEC in local networks Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Stephane Bortzmeyer
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Matthew Pounsett
- Re: [DNSOP] DNS names for local networks - not on… Andrew Sullivan
- Re: [DNSOP] DNS names for local networks - not on… Paul Vixie
- Re: [DNSOP] DNS names for local networks - not on… Andrew Sullivan
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNSSEC in local networks Warren Kumari
- [DNSOP] Fwd: DNSSEC in local networks william manning