> On 25 Sep 2019, at 10:53 am, Paul Ebersman <[email protected]> wrote:
>
> marka> When an *ISP* advertises a DNS server to its *customers* IT SHOULD
> marka> WORK FOR ALL OF THE CUSTOMER'S MACHINES!
>
> That doesn't mean it can't be ULA. And it would be hideous but you can
> use LL if you flatten the broadcast domain. There are lots of reasons
> why this isn't the best idea but you don't know everyone's network, so
> saying "that's bad and I'd never do it so we shouldn't support it" at
> the network layer isn't a reasonable answer.

Yes, I don’t know the ISP’s network and I don’t know the customer’s network but neither does the ISP know the customer’s network. There is nothing wrong with an ISP advertising LL or ULA to its own machines excluding CPE routes assuming the ISP owns them. Similarly there is nothing wrong with a customer advertising LL or ULA to its own machines. It is the cross site nature of the ISP/customer relationship which makes it wrong for this particular scenario.

> marka> The CPE is a SITE boundary. It is also a Link-Local
> marka> Boundary. ULA source packets DO NOT cross the CPE by default if
> marka> the CPE is properly configured. Link-Local packets should NEVER
> marka> cross the CPE as it is NOT A BRIDGE/SWITCH but is a router.
>
> No need to shout... And the same could be said of RFC 1918 but ISPs have
> used that for thousands of homes, crossing thousands of CPEs. Not the
> best choice and not your choice but it does work for some folks.

Advertising RFC 1918 addresses as DNS servers by the ISP is also wrong as the ISP has zero knowledge of which addresses are in use by the customer and is actually prohibited by RFC1918 as they are being advertised outside of the site. It doesn’t mean that there are not ISPs that do that but it isn’t expected to work. A good CPE will filter RFC 1918 source packets inbound and NAT them outbound so the RFC 1918 addresses are not visible to other sites.

> "site boundary" and what is "local" in ULA have never been well defined
> because of this.

CPE routers being the exception.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: [email protected]
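The distinction argued in the message above (scoped addresses are acceptable inside one site, not when advertised across the ISP/customer boundary) can be checked mechanically. The following is an added example, not part of the original e-mail: the function names, the `crosses_site_boundary` flag and the sample resolver list are assumptions made for illustration, and the sample addresses are constructed from documentation prefixes.

```python
import ipaddress

# Link- or site-scoped ranges named in the thread, plus IPv4 link-local
# (RFC 3927), which has the same problem.
SCOPED = [
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("ULA", ipaddress.ip_network("fc00::/7")),
    ("RFC 1918", ipaddress.ip_network("10.0.0.0/8")),
    ("RFC 1918", ipaddress.ip_network("172.16.0.0/12")),
    ("RFC 1918", ipaddress.ip_network("192.168.0.0/16")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
]

def scope_of(addr):
    """Return the scope label for one address string (raises ValueError if invalid)."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any zone id (fe80::1%eth0)
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:          # ::ffff:10.0.0.1 is really 10.0.0.1
        ip = mapped
    for label, net in SCOPED:
        if ip.version == net.version and ip in net:
            return label
    return "global"

def audit_resolvers(servers, crosses_site_boundary):
    """Return (address, scope, ok) per advertised resolver.

    A scoped address is only acceptable when the advertisement stays inside
    one site; across a site boundary (ISP to customer) it is flagged.
    """
    findings = []
    for server in servers:
        try:
            scope = scope_of(server)
        except ValueError:
            findings.append((server, "invalid", False))
            continue
        ok = scope == "global" or not crosses_site_boundary
        findings.append((server, scope, ok))
    return findings

# Constructed sample: resolver addresses as they might appear in an RA/DHCP option.
SAMPLE = ["2001:db8::53", "fd00:1234::53", "fe80::1%eth0", "192.168.1.1", "192.0.2.53"]

if __name__ == "__main__":
    for addr, scope, ok in audit_resolvers(SAMPLE, crosses_site_boundary=True):
        print(f"{addr:18} {scope:11} {'ok' if ok else 'do not advertise across sites'}")
```
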
