On Dec 18 2013, Andreas Schulze wrote:
Hello,
I was requested to delegate a new subzone to nameservers with private
ip addresses.
I know it's at least not what makes me happy. But are there IETF
recommendations against this?
That would help me to drop the request.
As Mark Andrews says, there's useful stuff in RFC 1918 if you want
a "normative reference". Try in particular
| If an enterprise uses the private address space, or a mix of private
| and public address spaces, then DNS clients outside of the enterprise
| should not see addresses in the private address space used by the
| enterprise, since these addresses would be ambiguous.
This should apply, for example, to delegation glue in your case.
As long as we have been using RFC 1918 addresses we have tried to keep
them confined to a sub-zone private.cam.ac.uk. We used not to have a
delegation for that in cam.ac.uk at all, but various developments
(DNSSEC in particular) made that too hard a line to maintain. These
days there is a delegation, but it's to publicly accessible nameservers
which give REFUSED when queried about the zone contents from outside
the realm in which the RFC 1918 addresses would be meaningful. (Well,
they do as long as its official slaves are doing what we asked them to...)
All this is not because we are particularly concerned to keep the
zone contents secret. It's because they would be misleading.
--
Chris Thompson University of Cambridge Computing Service,
Email: [email protected] Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715 Cambridge CB3 0RB, United Kingdom.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
