In message <59f8c88caaf82a5884aa87223d49e7e4.1504505...@squirrel.mail>, "Walter H." writes:
> On Sun, September 3, 2017 23:38, Mark Andrews wrote:
> >> On 4 Sep 2017, at 4:47 am, Walter H. <walte...@mathemainzel.info>
> >> wrote:
> >>
> >> even if I fully ACK this, but 15 years ago, nobody said, that ".local",
> >> ... would conflict one day ...
> >> and also the company I work for has decided at these times to use a
> >> ".local" as internal domain and AD;
> >> now it is impossible to change this ...
> >
> > Why would anyone tell you that “.local” would conflict when you were
> > supposed to register a name *before* using it.
>
> NAK: because there are two points:
> the 1st: uniqueness is not a requirement here
> the 2nd: global knowledge of locally used names might raise a security
> problem ...

Except you miss the entire point of getting a registered name, that
is to be able to use it safely without anyone trampling on its use.

'home.arpa' is in the process of being registered so that it can
be used safely in the environment it is designed to be used in.

Yes, 'home.arpa' will be registered. It's a different type of
registration to the one that is normally done by talking to your
friendly DNS registrar but it is a registration.

> > If you are doing AD correctly you should be able to register your machines
> > wherever they connect to the Internet and that requires a public
> > registration.
>
> you could also say that the other way round: if the folks had done their
> job correct and made a DNS-pendant to RFC1918, many enterprises wouldn't
> have the problems now, which are unresolvable ...

Names are not addresses. They have different properties.

> by the way: why are you discussing about DNSSEC for names that are used
> only locally?

I'm discussing about putting names through the DNSSEC validator and not
having them fail validation. It is also possible to use DNSSEC within
home.arpa. It requires more care especially if you have a mobile device
but it is possible.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop