Tim Wicinski wrote:
At my employer we use real domains, but do not expose them to the outside world (they just see 127.0.0.1). It's a better than inverting security through obscurity like I have seen elsewhere (not that you would do that Andreas). Paul, I am not with 100% love of the .alt name./idea but I do agree that if we don't do something the Real Users (tm) will do something even more broken and horrific.
i also use real domains for my private stuff. but i also use RPZ locally for the internal bindings, not NS RR delegations that i'd have to keep out of my externally-served zone files.
-- P Vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
