

To: Daniel Senie <dts@senie.com>
Cc: dnsop@cafax.se
From: Randy Bush <randy@psg.com>
Date: Mon, 10 Sep 2001 08:01:18 -0700
Sender: owner-dnsop@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsop-dontpublish-unreachable-00.txt

> I just read this new I-D, and am not sure it's a "good thing." My concern 
> centers around the draft's assumption that there are two types of 
> environments, public and private, and that it is easy to tell the 
> difference. I worry that with the increased use of policy routing, IPSec 
> and such, we might well find cases where the degree of "publicness" or 
> "privateness" of information is highly dependent on where a particular 
> station is on the Internet, and what its authorizations are.

seems to me that there are two partitions being discussed.  

the first, sec 2, is 1918 private address space.  considering the
proscriptions in 1918 itself, and the rather clear boundaries, i hope
that you have no problem proscribing leakage of dns data where sourced
packet addresses are not supposed to leak.

other 'unreachable' space, section 3, is a more interesting case.  why i
think philip's position seems reasonable is that, with all the multi-view
capabilities we have these days, it would seem reasonable to ask that
whatever is blocking reachability should also handle the different dns
view.  on the other hand, i will admit to worries about multiple views in
general, though negligible worries at a 1918 boundary.

so i think i support at least the 1918 hiding.

randy
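
An added example, not part of the message above or of the draft it discusses: a pre-publication check that flags A records and in-addr.arpa PTR owner names in RFC 1918 space before zone data goes to a public view. It assumes simplified zone text with one record per line and an explicit owner name; the function names and the sample zone are hypothetical.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is an IPv4 address inside an RFC 1918 block."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def reverse_name_to_ip(owner):
    """Map a full 4-label in-addr.arpa owner name to its IPv4 address, else None."""
    name = owner.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    labels = name[:-len(".in-addr.arpa")].split(".")
    return ".".join(reversed(labels)) if len(labels) == 4 else None

def find_leaks(zone_text):
    """Return (line_no, owner, rtype, address) for A/PTR records in RFC 1918 space."""
    leaks = []
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()      # drop comments
        if len(fields) < 3 or fields[0].startswith("$"):
            continue                               # blank, short, or directive line
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                        # skip optional TTL and class
        if len(rest) < 2:
            continue
        rtype = rest[0].upper()
        addr = rest[1] if rtype == "A" else reverse_name_to_ip(owner) if rtype == "PTR" else None
        if addr and is_rfc1918(addr):
            leaks.append((line_no, owner, rtype, addr))
    return leaks

# Constructed sample of zone data destined for a public view.
SAMPLE_ZONE = """\
www        3600 IN A   192.0.2.10
intranet   3600 IN A   10.1.2.3        ; internal host
build      IN A        172.31.255.1
edge       IN A        172.32.0.1
mail       IN MX       10 mx.example.com.
5.2.168.192.in-addr.arpa. IN PTR printer.example.com.
"""
```

Running find_leaks over the sample reports the 10/8 and 172.16/12 hosts and the 192.168/16 reverse entry, while 172.32.0.1, which sits just outside the 172.16/12 block, passes.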
