It appears that Philip Homburg <[email protected]> said:
>> Logic behind this proposal follows:
>>
>> #1 I can't see any difference between the intended use of:
>> - 10.in-addr.arpa.
>> - internal.
>>
>> #2 RFC 6761 section 6.1 already established special rules for
>> 10.in-addr.arpa.
>
>The draft has the following:
>The "internal" top-level domain provides this purpose in the DNS. Such
>domains will not resolve in the global DNS, but can be configured within
>closed networks as the network operator sees fit.
>
>I think that is the difference between .internal and 10.in-addr.arpa.

Depending on how you interpret "not resolve" I think there's no difference.
Your cache should catch the query and give you back a NXDOMAIN or maybe
NOERROR, but if it doesn't, the global DNS will give you the NXDOMAIN.

>There seems to be an argument that for the convenience of DNSSEC, private
>domains have to resolve in the global DNS. Maybe we need to actually
>say that in some RFC. Or solve this issue in a different way.

It's definitely an unsolved problem, particularly if you would like to
sign stuff within your own network. I do wish people would stop saying
it's easy, just do X, for various versions of X, because it's not.

R's,
John
