> On Feb 13, 2025, at 5:39 PM, Warren Kumari <[email protected]> wrote:
>
>> On Wed, Feb 05, 2025 at 9:39 AM, Duane Wessels
>> <[email protected]> wrote:
>>
>> The text for RFC 6761 consideration 4 should be similar to those others,
>> e.g.:
>>
>>    4. Caching DNS servers SHOULD, by default, recognize .internal
>>       names as special and SHOULD NOT, by default, attempt to look
>>       up NS records for them, or otherwise query authoritative DNS
>>       servers in an attempt to resolve .internal names. Instead,
>>       caching DNS servers SHOULD, by default, generate immediate
>>       negative responses for all such queries. This is to avoid
>>       unnecessary load on the root name servers and other name
>>       servers.
>>
>> I’d really like to see MUST instead of SHOULD but I suspect most will think
>> that's a step too far.
>
> Oh, wow, yes, that's the answer I should have chosen for question 4. In my
> mind, an Enterprise might use e.g. accounting.internal. I didn't want them to
> have to reconfigure all of their branch "caching DNS servers" (resolvers)
> when setting this up, and they would just configure the special handling on
> the "authoritative servers"... but clearly my brain was on autopilot.
>
> Would you be OK with my using the text from RFC6761 instead of your (edited)
> version?
> e.g:
> Answer 4 from RFC6761 Section 6.2. Domain Name Reservation Considerations
> for "test.":
>
>    4. Caching DNS servers SHOULD recognize .internal names as special and
>       SHOULD NOT, by default, attempt to look up NS records for them,
>       or otherwise query authoritative DNS servers in an attempt to
>       resolve test names. Instead, caching DNS servers SHOULD, by
>       default, generate immediate negative responses for all such
>       queries. This is to avoid unnecessary load on the root name
>       servers and other name servers. Caching DNS servers SHOULD offer
>       a configuration option (disabled by default) to enable upstream
>       resolving of .internal names, for use in networks where .internal
>       names are known to be handled by an authoritative DNS server in
>       said private network.
>
Hi Warren,

I think the end result of your version vs my version is the same so yes I would be ok with it. (yours seems to have a stray “test” that should be .internal)

I would defer to developers/publishers of caching resolver software with respect to the phrasing of “a configuration option … to enable upstream resolving”. Here “option” sounds wrong to me. In my experience the way someone configures something like that is by adding zone statements to the configuration file along with other elements of the zone configuration (name servers, file paths, etc).

DW
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
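
The default-versus-configured behaviour discussed in the thread above, sketched as resolver decision logic. This is an added example, not text from the draft or RFC 6761 and not code from any resolver; the function names, the `local_zones` mapping, the 192.0.2.53 address and the choice of NXDOMAIN as the negative response are assumptions made for illustration.

```python
# Added illustration: how a caching resolver could pick an action for a query name.
# All names here (decide, local_zones, the 192.0.2.53 address) are hypothetical.
from typing import Dict, List, Tuple

SPECIAL_USE_ZONE = "internal."


def labels(name: str) -> Tuple[str, ...]:
    """Lowercased labels of a domain name, ignoring the trailing root dot."""
    return tuple(part for part in name.lower().rstrip(".").split(".") if part)


def is_under(qname: str, zone: str) -> bool:
    """True if qname equals zone or is a subdomain of it (whole-label match)."""
    q, z = labels(qname), labels(zone)
    return len(q) >= len(z) and q[len(q) - len(z):] == z


def decide(qname: str, local_zones: Dict[str, List[str]]) -> Tuple[str, List[str]]:
    """Return (action, servers) for a query name.

    local_zones maps an operator-configured zone to its name servers,
    mirroring the "zone statement" style of configuration.
    """
    # An explicitly configured zone wins; the longest (most specific) match applies.
    matches = [z for z in local_zones if is_under(qname, z)]
    if matches:
        best = max(matches, key=lambda z: len(labels(z)))
        return ("forward", local_zones[best])
    # Default: answer .internal locally (modelled here as NXDOMAIN), so the
    # query is never sent to the root servers or other name servers.
    if is_under(qname, SPECIAL_USE_ZONE):
        return ("nxdomain", [])
    return ("recurse", [])


if __name__ == "__main__":
    # Constructed sample configuration and queries.
    zones = {"accounting.internal.": ["192.0.2.53"]}
    for name in ("db.accounting.internal", "printer.INTERNAL.",
                 "internal.example.com", "notinternal"):
        print(name, decide(name, zones))
```

The suffix test compares whole labels, so `notinternal` and `internal.example.com` are resolved normally and only names at or below `.internal` get the local negative answer.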
