[dns-operations] TLD(s) for private use

James Stevens James.Stevens at jrcs.co.uk
Wed Sep 6 11:22:23 UTC 2017


>> I'm guessing dot-ZZ might fit that criterion, on the basis no country will
>> ever get it,
> 
> I wouldn't be so sure, ISO 3166 does not reserve that code in any way.

I've not used dot-ZZ. However, this discussion quotes the phrase "and 
the ISO 3166/MA will never use these codes in the updating process of 
the standard", when referring to dot-ZZ.

https://www.ripe.net/ripe/mail/archives/db-wg/2010-February/003732.html

The quote is attributed to Wikipedia:

https://en.wikipedia.org/wiki/ISO_3166-1#Reserved_and_user-assigned_code_elements

"The following codes can be user-assigned:[25]
Alpha-2: AA, QM to QZ, XA to XZ, and ZZ
Alpha-3: AAA to AAZ, QMA to QZZ, XAA to XZZ, and ZZA to ZZZ
Numeric: 900 to 999"

"[25]" is this link ...

https://web.archive.org/web/20070306080355/http://www.iso.org/iso/en/prods-services/iso3166ma/10faq/frequently-asked-questions.html#Q09


This seems to confirm, from a purely ISO perspective, ZZ would be safe 
to use.


> Funny, we just had a long discussion in an IETF working group about
> that :-)

Great minds, etc.

Might I suggest it would be useful to have a guaranteed reserved (say) 
prefix, like "zz--" ... Curiously I have seen others use this exact same 
prefix, which I guess points to your final comment - so I totally take 
on board what you mean.

Although, dot-ZZ seems to be an equally good choice - and if always used 
in the context of a sub-domain, e.g. "data.zz." would /reduce/ the 
likelihood of collisions.


> No, the "correct" (or at least recommended) procedure is to use a
> subdomain of one of your domains

The "fear" I have with this technique is that there is the /potential/ 
for the data to get out into the public domain, as it's hosted in a 
publicly accessible TLD.

A TLD that is not in the ROOT zone gives an added level of comfort - 
especially for those higher up the management chain for whom an 
understanding of the DNS might be less clear.

Like others (e.g. RTBL), I have often used DNS to provide one-way data 
propagation. It's lightweight and has great facilities for live or polled 
updating - but it may be carrying data that I wouldn't want in the 
public domain.



James


