[dns-operations] RFC1918 best practice

Michael Sinatra michael at rancid.berkeley.edu
Tue Dec 16 23:36:50 UTC 2008


Our campus wants to use RFC1918 IPv4 addresses in situations where a 
device a) can't use IPv6; and b) doesn't need access out of our AS. 
People want to use DNS for these addresses, so we have created child 
zones of berkeley.edu that have query ACLs so that the authoritative 
nameservers won't answer for queries outside of our IP address space. 
(BTW, we do follow BCP38 as well.)

Here's the issue: Some folks want aliases in our publicly reachable 
berkeley.edu domain.  In the case of an alias, the nameserver will 
return a CNAME record pointing to our internal domain, but it won't be 
able to resolve anything further.

I take Section 5 of RFC1918 pretty seriously, so I want to make sure 
that there isn't a problem--best-practice-wise--with having a CNAME 
record pointing to an internal domain (1918.berkeley.edu) that won't 
resolve further.  I am generally aware of the technical issues; I just 
want to make sure I am interpreting section 5 of RFC1918 correctly 
(especially the DNS portion in the last paragraph).  I'd really like not 
to use views or separate servers if possible, and instead prefer to keep 
things in separate domains.



More information about the dns-operations mailing list