

To: Daniel Senie <dts@senie.com>
cc: Philip Hazel <ph10@cus.cam.ac.uk>, Mats Dufberg <dufberg@nic-se.se>, dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Fri, 15 Feb 2002 12:46:24 +0700
In-Reply-To: <5.1.0.14.2.20020214113044.041aed90@mail.amaranth.net>
Sender: owner-dnsop@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsop-dontpublish-unreachable-03.txt

    Date:        Thu, 14 Feb 2002 11:35:22 -0500
    From:        Daniel Senie <dts@senie.com>
    Message-ID:  <5.1.0.14.2.20020214113044.041aed90@mail.amaranth.net>

  | A /24 which is firewalled, and has a name server behind it which is listed 
  | in the NS records would be every bit the same as a server in RFC 1918 space 
  | on a private network.

Almost, but not quite.   A firewalled /n (for any n) is just an unreachable
server (no different than a server that is down, or has had its address
changed without updating the DNS).   Attempting to legislate against any
of this is attempting to legislate against stupidity, which is just as
stupid itself.

On the other hand, rfc1918 addresses, and 127/8 are really uncoordinated
anycast addresses - they may just be an unreachable address, in which
case they're not really doing any great harm - but for others they may
actually direct you to a reachable server (DNS server, web server, e-mail
server...) which simply has no idea what to do with whatever you're
attempting, or even worse, believes it does know.

It is much more important to keep 1918 (etc) addresses out of the DNS
than any other oddball addresses.

kre
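
An added example, not part of the original message: a zone lint that flags A records in the ranges the message singles out (RFC 1918 space and 127/8) and marks which of them are NS targets. The zone data, names and function names are constructed for illustration, and the parser assumes simple one-line `owner ttl IN type rdata` records.

```python
import ipaddress

# Ranges the message singles out: RFC 1918 private space and 127/8.
AMBIGUOUS_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample zone data (names and addresses are illustrative only).
SAMPLE_ZONE = """\
example.test.      3600 IN NS ns1.example.test.
example.test.      3600 IN NS ns2.example.test.
example.test.      3600 IN NS ns3.example.test.
ns1.example.test.  3600 IN A  192.0.2.53
ns2.example.test.  3600 IN A  10.1.2.3
ns3.example.test.  3600 IN A  127.0.0.1
www.example.test.  3600 IN A  172.16.9.9
"""

def parse_records(text):
    """Yield (owner, rtype, rdata) from simple 'owner ttl IN type rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        if len(fields) == 5 and fields[2].upper() == "IN":
            yield fields[0].lower(), fields[3].upper(), fields[4]

def find_ambiguous_addresses(text):
    """Return sorted (owner, address, network, is_nameserver) for A records
    whose address falls in RFC 1918 space or 127/8."""
    records = list(parse_records(text))
    ns_targets = {rdata.lower() for _, rtype, rdata in records if rtype == "NS"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "A":
            continue
        addr = ipaddress.ip_address(rdata)
        for net in AMBIGUOUS_NETS:
            if addr in net:
                findings.append((owner, rdata, str(net), owner in ns_targets))
    return sorted(findings)

if __name__ == "__main__":
    for owner, addr, net, is_ns in find_ambiguous_addresses(SAMPLE_ZONE):
        role = "NS target" if is_ns else "host"
        print(f"{owner} {addr} in {net} ({role})")
```

A static check like this can catch only the address ranges themselves; a name server on a firewalled public prefix looks like any other public address in the zone data.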
