> The draft does not recommend using or not using .internal. It says: > > If an organization determines that it requires a private-use > DNS namespace, it should either use sub-domains of a global > DNS name that > is under its organizational and operational control, or use > the "internal" top-level domain. This document does not offer > guidance on when a network operators should choose the "internal" > top-level domain instead of a sub-domain of a global DNS name. > This decision will depend on multiple factors such as network > design or organizational needs, and is outside the scope of > this publication. > > SAC113 said: Using sub-domains of registered public domain names > is still the best practice to name internal resources. > > Im not against changing the draft to align more with the advice in > SAC113, but my inclination is to keep the draft agnostic on this > point. When the authors originally discussed it we decided against > offering advice in either direction.
I assume this IETF working group can form an independent opinion. In my opinion the issue is not whether public domains are better or not. My issue is that the IETF should recommend against uses that lead to DNSSEC failures. For example, home.arpa. is safe to use from a DNSSEC validation point of view. So unless DNSSEC validation is improved the draft should actively recommend against using internal. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
