To: Daniel Senie <dts@senie.com>
cc: Philip Hazel <ph10@cus.cam.ac.uk>, Mats Dufberg <dufberg@nic-se.se>, dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Fri, 15 Feb 2002 12:46:24 +0700
In-Reply-To: <5.1.0.14.2.20020214113044.041aed90@mail.amaranth.net>
Sender: owner-dnsop@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsop-dontpublish-unreachable-03.txt

    Date:        Thu, 14 Feb 2002 11:35:22 -0500
    From:        Daniel Senie <dts@senie.com>
    Message-ID:  <5.1.0.14.2.20020214113044.041aed90@mail.amaranth.net>

  | A /24 which is firewalled, and has a name server behind it which is listed
  | in the NS records would be every bit the same as a server in RFC 1918 space
  | on a private network.

Almost, but not quite. A firewalled /n (for any n) is just an unreachable server (no different than a server that is down, or has had its address changed without updating the DNS). Attempting to legislate against any of this is attempting to legislate against stupidity, which is just as stupid itself.

On the other hand, rfc1918 addresses, and 127/8 are really uncoordinated anycast addresses - they may just be an unreachable address, in which case they're not really doing any great harm - but for others they may actually direct you to a reachable server (DNS server, web server, e-mail server...) which simply has no idea what to do with whatever you're attempting, or even worse, believes it does know.

It is much more important to keep 1918 (etc) addresses out of the DNS than any other oddball addresses.

kre
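
A check for the distinction drawn in the message above, as an added example that is not part of the original post: it scans the A records in zone data for RFC 1918 and 127/8 addresses and marks the ones that are also NS targets. The zone text, the function names and the five-field record layout (owner, TTL, class, type, rdata) are assumptions made for the illustration.

```python
import ipaddress

# Blocks the message singles out: RFC 1918 private space and 127/8 loopback.
UNCOORDINATED = {
    "rfc1918": [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "loopback": [ipaddress.ip_network("127.0.0.0/8")],
}

# Constructed sample zone data; names and addresses are illustrative only.
SAMPLE_ZONE = """\
example.com.      3600 IN NS ns1.example.com.
example.com.      3600 IN NS ns2.example.com.
ns1.example.com.  3600 IN A  192.0.2.53
ns2.example.com.  3600 IN A  10.1.2.3    ; name server in private space
www.example.com.  3600 IN A  172.16.40.9
mail.example.com. 3600 IN A  127.0.0.1
ftp.example.com.  3600 IN A  172.32.0.1  ; just outside 172.16/12
"""

def classify(addr):
    """Return 'rfc1918' or 'loopback' for an uncoordinated address, else None."""
    ip = ipaddress.ip_address(addr)
    for label, nets in UNCOORDINATED.items():
        if any(ip in net for net in nets):
            return label
    return None

def audit_zone(text):
    """Return (owner, address, label, is_ns_target) for each flagged A record.

    Assumes fully written records: owner TTL class type rdata, one per line.
    """
    ns_targets, a_records = set(), []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) != 5 or fields[2].upper() != "IN":
            continue
        owner, _ttl, _cls, rtype, rdata = fields
        if rtype.upper() == "NS":
            ns_targets.add(rdata.lower())
        elif rtype.upper() == "A":
            a_records.append((owner.lower(), rdata))
    return [(owner, addr, classify(addr), owner in ns_targets)
            for owner, addr in a_records if classify(addr)]

if __name__ == "__main__":
    for owner, addr, label, is_ns in audit_zone(SAMPLE_ZONE):
        print(f"{owner} {addr} {label}{' (NS target)' if is_ns else ''}")
```

A firewalled public address cannot be caught this way, since nothing in the zone data distinguishes it from a reachable one.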