> This will work for a short time only because those proxies will likely
> be changed to return their own address for DOMAIN.LOCAL.ARPA.

The draft specifically prohibits this. Of course vendors _do_ ignore RFCs, otherwise this draft wouldn't be necessary. However we'd be in a good position to name and shame any vendor whose proxies intentionally serve LOCAL.ARPA in defiance of the standard.

> You cannot rely on a NXDOMAIN response for DOMAIN.LOCAL.ARPA when the
> resolver does not support this protocol due to widespread DNS
> poisoning.

Hmm - given the need to protect this query a nonce prefix may be a useful addition. That requires more thought...

> I wholeheartedly support the creation of LOCAL.ARPA, though. But you
> should mention that mDNS MUST NOT be used for LOCAL.ARPA (so that some
> people don't get funny ideas).

OK, I'll consult with Stuart on mDNS and its interaction (or otherwise) with this.

thanks,

Ray
