[dns-operations] RFC1918 best practice
Michael Sinatra
michael at rancid.berkeley.edu
Tue Dec 16 23:36:50 UTC 2008
- Previous message (by thread): [dns-operations] Root delegation changes for aero, asia, info, mobi, bz, gi, hn, in, lc, me, mn, sc
- Next message (by thread): [dns-operations] RFC1918 best practice
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Hi,
Our campus wants to use RFC1918 IPv4 addresses in situations where a
device a) can't use IPv6; and b) doesn't need access out of our AS.
People want to use DNS for these addresses, so we have created child
zones of berkeley.edu that have query ACLs so that the authoritative
nameservers won't answer for queries outside of our IP address space.
(BTW, we do follow BCP38 as well.)
Here's the issue: Some folks want aliases in our publicly reachable
berkeley.edu domain. In the case of an alias, the nameserver will
return a CNAME record pointing to our internal domain, but it won't be
able to resolve anything further.
I take Section 5 of RFC1918 pretty seriously, so I want to make sure
that there isn't a problem--best-practice-wise--with having a CNAME
record pointing to an internal domain (1918.berkeley.edu) that won't
resolve further. I am generally aware of the technical issues; I just
want to make sure I am interpreting section 5 of RFC1918 correctly
(especially the DNS portion in the last paragraph). I'd really like not
to use views or separate servers if possible, and instead prefer to keep
things in separate domains.
thanks,
michael
- Previous message (by thread): [dns-operations] Root delegation changes for aero, asia, info, mobi, bz, gi, hn, in, lc, me, mn, sc
- Next message (by thread): [dns-operations] RFC1918 best practice
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dns-operations
mailing list