[dns-operations] TLD(s) for private use
James Stevens
James.Stevens at jrcs.co.uk
Wed Sep 6 11:22:23 UTC 2017
>> I'm guessing dot-ZZ might fit that criterion, on the basis no country will
>> ever get it,
>
> I wouldn't be so sure, ISO 3166 does not reserve that code in any way.
I've not used dot-ZZ. However, this discussion quotes the phrase "and
the ISO 3166/MA will never use these codes in the updating process of
the standard", when referring to dot-ZZ.
https://www.ripe.net/ripe/mail/archives/db-wg/2010-February/003732.html
The quote is attributed to Wikipedia
https://en.wikipedia.org/wiki/ISO_3166-1#Reserved_and_user-assigned_code_elements
"The following codes can be user-assigned:[25]
Alpha-2: AA, QM to QZ, XA to XZ, and ZZ
Alpha-3: AAA to AAZ, QMA to QZZ, XAA to XZZ, and ZZA to ZZZ
Numeric: 900 to 999"
"[25]" is this link ...
https://web.archive.org/web/20070306080355/http://www.iso.org/iso/en/prods-services/iso3166ma/10faq/frequently-asked-questions.html#Q09
This seems to confirm, from a purely ISO perspective, ZZ would be safe
to use.
> Funny, we just had a long discussion in an IETF working group about
> that :-)
Great minds, etc.
Might I suggest it would be useful to have a guaranteed reserved (say)
prefix, like "zz--" ... Curiously I have seen others use this exact same
prefix, which I guess points to your final comment - so I totally take
on board what you mean.
Although, dot-ZZ seems to be an equally good choice - and if always used
in the context of a sub-domain, e.g. "data.zz." would /reduce/ the
likelihood of collisions.
> No, the "correct" (or at least recommended) procedure is to use a
> subdomain of one of your domains
The "fear" I have with this technique is that there is the /potential/
for the data to get out into the public domain, as it's hosted in a
publicly accessible TLD.
A TLD that is not in the ROOT zone gives an added level of comfort -
especially for those higher up the management chain for whom an
understanding of the DNS might be less clear.
Like others (e.g. RTBL), I have often used DNS to provide one-way data
propagation. It's lightweight and has great facilities for live or polled
updating - but it may be carrying data that I wouldn't want in the
public domain.
James