[dns-operations] policy to prevent glue for "bogus" IP addresses
m3047 at m3047.net
Wed Sep 16 16:24:50 UTC 2015
On Wed, 16 Sep 2015, Paul Vixie wrote:
> Brett Frankenberger wrote:
> > In your view, is the prohibition via ICANN requirements on registries or
> > registrars, of, for example,
> > XYZ.COM NS ...-> 127.0.53.53
> > worth the effort it would take, given that it would not prevent
> > ABC.XYZ.COM NS ...-> 127.0.53.53
> in my view, yes. there's a huge difference in how to get cooperation in
> the two cases, but the first case is extraordinarily more common than
> the second case
Taking Paul's assertion of rationality at face value but arguing from
there slightly differently...
I can put whatever address I want in the DNS, a DNS server shouldn't care;
just as I can use arbitrary octets for a label, and it shouldn't care.
(As a side note, 127.0.0.1 seems relatively common in RPZ declarations as
the nameserver for the zone.) Indeed the "controlled interruption" doesn't
really break the DNS.
HOWEVER. I can't register arbitrary octet labels at the publicly
administered level (or however you want to put that) because they don't
allow it. Reasons why? Doesn't matter. Likewise, I would imagine that I
can't use arbitrary octets as a canonical name at the publicly
So then: addresses. I would imagine the use of certain addresses is
disallowed or controlled by policy at the publicly administered level.
Reason? It follows from the other arbitrary (and there are more) examples.
In fact, this exact point of contention surrounds exactly such an
arbitrary application of policy concerning such an address. At the
publicly administered level I accept that arbitrary and manifestly flawed
decisions are made by rational people who spend time thinking about it and
are earnestly trying to do the best thing.
As long as said people and institutions don't mind the rest of us having
sport by pointing out such inconsistencies and incongruities at their
expense then really I'm fine with it; and if it chafes more than that,
best to change the policy IMO.
More information about the dns-operations