At 5:00 +0000 2/20/07, Paul Vixie wrote:
> because the default is for ambiguous addresses to leak into places where they make no sense. similarly, rfc 1918 source addressed ip packets should not be able to escape their routing domain by default.

The addresses are "private" not "ambiguous." Calling them as such makes them sound evil. Is this meant to be a debate on the utility of RFC 1918 or on operational issues with DNS? If the routing layer fails to live up to the standards for that, it needs to be fixed.

> it's everybody's problem and every protocol's and service's problem. in dns, it looks like A RR's and so that's where i'm proposing to filter it.

You can alter your implementation to serve your user base. But so long as there are standard ways to properly use RFC 1918 space, I would hope that there are tools available to do that.
In other venues I have held a theme that if a protocol is often used incorrectly, the problem lay with the protocol as opposed to blaming this all on "dumb" or clueless users. If there are problems with the protocol involved, that is where the fixes should happen. If you start throwing hacks into the DNS to solve routing issues, you will someday find that the architecture of the Internet is no longer a modular system and just a tangled mess.
I still fail to be convinced that a name server with an RFC 1918 address is a threat to the stability of DNS. There are times when it can be done on intent and properly managed. How prevalent is it mistakenly done? When it happens, does the DNS (or significant portions) go dark?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

"Two years ago you said we had 5-7 years, now you are saying 3-5. What I
need from you is a consistent story..."

_______________________________________________
DNSOP mailing list
https://www1.ietf.org/mailman/listinfo/dnsop
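
The thread turns on how often RFC 1918 addresses actually appear in A RRs. The following is an added example, not part of the original message or of any name server implementation: it walks a wire-format DNS response and reports every IN A record whose address falls in RFC 1918 space, so the prevalence can be measured rather than assumed. The function names and the sample referral for example.com are constructed for illustration.

```python
import ipaddress
import struct
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                        # guard against pointer loops
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def private_a_records(msg):
    """Return (owner, address) for each IN A RR that carries an RFC 1918 address."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):                          # skip the question section
        _, off = read_name(msg, off)
        off += 4
    hits = []
    for _ in range(an + ns + ar):                # answer, authority, additional
        owner, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addr = ipaddress.IPv4Address(msg[off:off + 4])
            if any(addr in net for net in RFC1918):
                hits.append((owner, str(addr)))
        off += rdlen
    return hits

def _rr(owner, rtype, rdata):                    # build one constructed IN RR
    return owner + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata

# Constructed referral: example.com NS ns1/ns2, glue 192.0.2.53 and 10.1.2.3.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8000, 1, 0, 2, 2)
          + b"\x07example\x03com\x00" + struct.pack("!2H", 2, 1)
          + _rr(b"\xc0\x0c", 2, b"\x03ns1\xc0\x0c") + _rr(b"\xc0\x0c", 2, b"\x03ns2\xc0\x0c")
          + _rr(b"\xc0\x29", 1, bytes([192, 0, 2, 53])) + _rr(b"\xc0\x3b", 1, bytes([10, 1, 2, 3])))
```

Run over captured responses, the function gives a count per zone of name servers whose glue points into private space, which is the data the prevalence question asks for.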
