[dns-operations] TLD(s) for private use

James Stevens James.Stevens at jrcs.co.uk
Wed Sep 6 11:22:23 UTC 2017

>> I'm guessing dot-ZZ might fit that criterion, on the basis no country will
>> ever get it,
> I wouldn't be so sure, ISO 3166 does not reserve that code in any way.

I've not used dot-ZZ. However, this discussion quotes the phrase "and 
the ISO 3166/MA will never use these codes in the updating process of 
the standard", when referring to dot-ZZ.


The quote is attributed to Wikipedia


"The following codes can be user-assigned:[25]
Alpha-2: AA, QM to QZ, XA to XZ, and ZZ
Alpha-3: AAA to AAZ, QMA to QZZ, XAA to XZZ, and ZZA to ZZZ
Numeric: 900 to 999"

"[25]" is this link ...


This seems to confirm, from a purely ISO perspective, ZZ would be safe 
to use.

> Funny, we just had a long discussion in an IETF working group about
> that :-)

Great minds, etc.

Might I suggest it would be useful to have a guaranteed reserved (say) 
prefix, like "zz--" ... Curiously I have seen others use this exact same 
prefix, which I guess points to your final comment - so I totally take 
on board what you mean.

Although, dot-ZZ seems to be an equally good choice - and if always used 
in the context of a sub-domain, e.g. "data.zz." would /reduce/ the 
likelihood of collisions.

> No, the "correct" (or at least recommended) procedure is to use a
> subdomain of one of your domains

The "fear" I have with this technique is that there is the /potential/ 
for the data to get out into the public domain, as it's hosted in a 
publicly accessible TLD.

A TLD that is not in the ROOT zone gives an added level of comfort - 
especially for those higher up the management chain for whom an 
understanding of the DNS might be less clear.

Like others (e.g. RTBL), I have often used DNS to provide one-way data 
propagation. It's lightweight and has great facilities for live or polled 
updating - but it may be carrying data that I wouldn't want in the 
public domain.

