I did this once upon a time, when I held the authoritative delegations for the RFC 1918 space. Unfortunately, I waited two years before adding the entries. by then, routes had leaked and we had 100's of sites (generally corporations) have their internal SNMP-based monitoring systems collapse into a single data point that read "read-rfc1918-for details." The calls were... "energetic" and the DNS entries were removed within a few hours.
If we are going to take this tactic, doing from the getgo is the right thing to do. May I do this for the ip6.int space? % I like it :-) % % % % On Wed, 2002-11-27 at 07:57, Steven M. Bellovin wrote: % > In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wr % > i % > tes: % > >>>Require the DNS server at the edge of the site be authoritative for the % > >>>whole of fec0::/10 or blackhole the queries. % > >>> % > >>>(I don't think too many people would even want to register site-locals in % > >>>the _global_ reverse DNS, queriable by anyone -- remember, they're not to % > >>>be used globally, and reverses in and itself are already considered a % > >>>"security hazard" by some.) % > >>> % > >>>Let's not go down the path of putting site-locals anywhere near the global % > >>>ip6.arpa. % > >> % > >>Sure -- but to keep the load off the root, we need to be *very* sure % > >>that sites do pretend to be authoritative for them. % > > % > > will it help if we ship c.e.f.ip6.int/arpa zone files with BIND, % > > just like 1.0.0.127.in-addr.arpa? % > % > Thinking about it a little more, there's a seriously obscene thing % > to do here: ship the config files with a * PTR record, resolving to % > something like "read.RFC.1918.for.these.addresses." % > % > % > % > -------------------------------------------------------------------- % > IETF IPng Working Group Mailing List % > IPng Home Page: http://playground.sun.com/ipng % > FTP archive: ftp://playground.sun.com/pub/ipng % > Direct all administrative requests to [EMAIL PROTECTED] % > -------------------------------------------------------------------- % % % % -------------------------------------------------------------------- % IETF IPng Working Group Mailing List % IPng Home Page: http://playground.sun.com/ipng % FTP archive: ftp://playground.sun.com/pub/ipng % Direct all administrative requests to [EMAIL PROTECTED] % -------------------------------------------------------------------- % -- --bill -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
