On Sun, September 3, 2017 23:38, Mark Andrews wrote: >> ]On 4 Sep 2017, at 4:47 am, Walter H. <walte...@mathemainzel.info> >> wrote: >> >> even if I fully ACK this, but 15 years ago, nobody said, that ".local", >> ... would conflict one day ... >> and also the company I work for has decided at these times to use a >> ".local" as internal domain and AD; >> now it is impossible to change this ... > > Why would anyone tell you that “.local” would conflict when you were > supposed > to register a name *before* using it.
NAK: because there are two points: the 1st: uniqueness is not a requirement here the 2nd: global knowledge of locally used names might raise a security problem ... > If you are doing AD correctly you should be able to register you machines > wherever > they connect to the Internet and that requires a public registration. you could that also say the other way round: if the folks had done their job correct and made a DNS-pendant to RFC1918, many enterprises wouldn't have the problems now, which are unresolveable ... by the way: why are you discussing about DNSSEC for names that are used only locally? _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop