Re: [DNSOP] DNS names for local networks - not only home residental networks ...
Mark Andrews <marka@isc.org> Mon, 04 September 2017 08:58 UTC
To: "Walter H." <walter.h@mathemainzel.info>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.DEB.2.11.1709012044210.2676@grey.csi.cam.ac.uk> <59A9BCA2.6060008@mathemainzel.info> <20170903043202.GA18082@besserwisser.org> <59AC4E42.9080600@mathemainzel.info> <60304450-DFA3-4982-B01D-CC33C49BDCFC@isc.org> <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>
In-reply-to: Your message of "Mon, 04 Sep 2017 08:12:39 +0200." <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>
Date: Mon, 04 Sep 2017 18:58:40 +1000
Message-Id: <20170904085840.890C28411BA8@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/z0YQ4L_a8EPA9qR9NUeXKrOcJGo>
Subject: Re: [DNSOP] DNS names for local networks - not only home residental networks ...
In message <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>, "Walter H." writes:
> On Sun, September 3, 2017 23:38, Mark Andrews wrote:
> >> On 4 Sep 2017, at 4:47 am, Walter H. <Walter.H@mathemainzel.info>
> >> wrote:
> >>
> >> even if I fully ACK this, but 15 years ago, nobody said, that ".local",
> >> ... would conflict one day ...
> >> and also the company I work for has decided at these times to use a
> >> ".local" as internal domain and AD;
> >> now it is impossible to change this ...
> >
> > Why would anyone tell you that ".local" would conflict when you were
> > supposed
> > to register a name *before* using it.
>
> NAK: because there are two points:
> the 1st: uniqueness is not a requirement here
> the 2nd: global knowledge of locally used names might raise a security
> problem ...

Except you miss the entire point of getting a registered name, that
is to be able to use it safely without anyone trampling on its use.
'home.arpa' is in the process of being registered so that it can be
used safely in the environment it is designed to be used in.

Yes, 'home.arpa' will be registered. It's a different type of
registration to the one that is normally done by talking to your
friendly DNS registrar but it is a registration.

> > If you are doing AD correctly you should be able to register your machines
> > wherever
> > they connect to the Internet and that requires a public registration.
>
> you could also say that the other way round: if the folks had done their
> job correctly and made a DNS-pendant to RFC1918, many enterprises wouldn't
> have the problems now, which are unresolvable ...

Names are not addresses. They have different properties.

> by the way: why are you discussing about DNSSEC for names that are used
> only locally?

I'm discussing about putting names through the DNSSEC validator and
not having them fail validation. It is also possible to use DNSSEC
within home.arpa. It requires more care especially if you have a
mobile device but it is possible.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org