It appears that Stephane Bortzmeyer said:
>[localhost. nobody.invalid. 1 3600 1200 604800 10800] : 59 occurrences
That's what Unbound returns. Comments in the config file say that it
by default returns an empty stub for a bunch of names like .test and .invalid
so the queries aren't set upstre
On Wed, Feb 05, 2025 at 08:43:51PM -0500,
Donald Eastlake wrote
a message of 28 lines which said:
> "invalid" certainly isn't perfect. Maybe it should have been
> "non-existent" or something.
Despite what RFC 6761 says, many resolvers will not return NXDOMAIN
for names under .invalid. Testing
On 2025-02-06 08:56 +01, Philip Homburg wrote:
>>What we all keep ignoring is that .internal DOES NOT WORK WITH
>>BRING YOUR OWN DEVICE scenarios Reverse for RFC1918 addresses
>>work with BYOD because we have public AS112 servers that serve
>>UNSIGNED reverse zones. This breaks t
>What we all keep ignoring is that .internal DOES NOT WORK WITH
>BRING YOUR OWN DEVICE scenarios Reverse for RFC1918 addresses
>work with BYOD because we have public AS112 servers that serve
>UNSIGNED reverse zones. This breaks the DNSSEC chain of trust
>cleanly allowing the z
Hi Joe,
On Wed, Feb 5, 2025 at 4:43 PM Joe Abley wrote:
>
> Hi Donald,
>
> On 5 Feb 2025, at 22:10, Donald Eastlake wrote:
>
> > Maybe I'm confused but what is wrong with any domain name ending
> > in the TLD "invalid." if you want a domain name that is guaranteed
> > not to exist? (RFC 2606/676
Hi Donald,
On 5 Feb 2025, at 22:10, Donald Eastlake wrote:
> Maybe I'm confused but what is wrong with any domain name ending in the TLD
> "invalid." if you want a domain name that is guaranteed not to exist? (RFC
> 2606/6761)
I guess that also works. I think it's semantically ugly and I thin
Hi Joe,
Maybe I'm confused but what is wrong with any domain name ending in the TLD
"invalid." if you want a domain name that is guaranteed not to exist? (RFC
2606/6761)
Thanks,
Donald
===
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka,
What we all keep ignoring is that .internal DOES NOT WORK WITH BRING YOUR OWN DEVICE scenarios Reverse for RFC1918 addresses work with BYOD because we have public AS112 servers that serve UNSIGNED reverse zones. This breaks the DNSSEC chain of trust cleanly allowing the zones to be used by everyo
Many years ago I ran across a large company that had a large internal
network. It purposely used IP addresses that were already assigned to
others. They didn't want their internal numbers to conflict with the
numbers assigned to their externally visible devices. Sort of a split view
approach. S
Joe Abley wrote:
> Nobody liked this idea at the time and it withered on the vine. I seem to
> remember one reaction being (paraphrasing) "this is a draft that literally
> recommends doing nothing, we don't need a draft for that" which I don't quite
> agree with but which made me smile at the
10 matches
Mail list logo
