Am Dienstag, 24. Juni 2014, 15:01:09 schrieb Kelly Setzer: > Summary: > As a result of your input and related research, I¹ll be recommending the > use of a registered domain for internal DNS for the project I¹m working on. >
Hi, for your project right now that's propably the best solution to go. And I know for most participants of this list this is also the best solution, but I still want to argue for the other way: If you have (for example for security reasons) a completly seperated internal network (only connected through DMZ/proxy/firewall but not directly routed) then there should be a general solution for this problem like it is there on layer three: For IPv4 everybody know, the range 10/8 is for internal use and such a thing should exist (defined via RFC) for DNS as well, no matter if the name is corp or local or internal or whatever as long as there is one. The argument, that you won't get a certificate for these names from someone who is regognized by your browser isn't valid: As you only would use such a internal domain for your internal network, you would have to create a internal CA anyway (and put it in your browsers). This way you would have a clean split between internal world and the outside internet. The only situation where this wouldn't be advisable is if you face the possibility that the internal network at some point in time will be merged with the outside world. In my opinion it's a pity that there is no reserved domainname for the private use. Robert. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
