On 12 Sep 2006, at 8:22 PM, Peter Koch wrote:

On Tue, Sep 12, 2006 at 12:04:49PM +0200, Olaf M. Kolkman wrote:

But isn't the default as provided by the software vendor. So why not
something like rfcXXXX.blafoo.nl (in case blafoo would be the vendor
of the resolver) and have an auto-responder behind that address?

My feeling is that this is beyond what we can successfully recommend in a BCP.


The BCP would recommend the e-mail address of the local administrator. The software vendor still needs to pick a sensible default. I was trying to cook up something for the latter.


fields. So the draft suggests the mname to contain the 'local'
administrator (SHOULD) and the vendor puts its own default. (It is
unfortunate that such address will become a spam magnet).

It would also be a spam reflector and open a can of worms IMHO.

Agreed, on the other hand the vendor could also send all mails received at that address to the bit-bucket.


I wonder if those people clever enough to dig out the RNAME really
would need the help of an auto responder. My point about avoiding the
"." was more to say "." != "no address" (waiting for someone to point
me to the existing (bad) precedent).


In the spirit of "Text Dude" here is my try on phrasing this in RFC speak:

Implementations SHOULD provide a mechanism to set the value of the SOA RNAME to contain a local contact. Implementations MAY default this value to "." or, alternatively, MAY configure a mail address maintained by the vendor. No address records need to be provided for the name server.

(If this is not seen as an improvement I do consent with the original text)



And while we are at that paragraph, it currently reads:

   If using empty zones one should not use the same NS and SOA records
   as used on the public Internet servers as that will make it harder to
   detect leakage from the public Internet servers.

Should that first "should" not be a "SHOULD"?

--Olaf


-----------------------------------------------------------
Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/


