On Sun, September 3, 2017 23:38, Mark Andrews wrote:
>> ]On 4 Sep 2017, at 4:47 am, Walter H. <walte...@mathemainzel.info>
>> wrote:
>>
>> even if I fully ACK this, but 15 years ago, nobody said, that  ".local",
>> ... would conflict one day ...
>> and also the company I work for has decided at these times to use a
>> ".local" as internal domain and AD;
>> now it is impossible to change this ...
>
> Why would anyone tell you that “.local” would conflict when you were
> supposed
> to register a name *before* using it.

NAK: because there are two points:
the 1st: uniqueness is not a requirement here
the 2nd: global knowledge of locally used names might raise a security
problem ...

> If you are doing AD correctly you should be able to register you machines
> wherever
> they connect to the Internet and that requires a public registration.

you could that also say the other way round: if the folks had done their
job correct and made a DNS-pendant to RFC1918, many enterprises wouldn't
have the problems now, which are unresolveable ...

by the way: why are you discussing about DNSSEC for names that are used
only locally?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to