
On Thu, 2013-03-07 at 11:18 -0600, David Farmer wrote:
> It would be better for everyone connected to MICE to implement the recommendations of RFC 6761

If I'm reading that correctly, the requirements for a network operator boil down to:

1. The following zones MUST be configured on our recursive and authoritative DNS servers. They MUST either be empty of records or contain records matching our uses of *routable* private space.

     10.in-addr.arpa.
     16.172.in-addr.arpa.
     17.172.in-addr.arpa.
     18.172.in-addr.arpa.
     19.172.in-addr.arpa.
     20.172.in-addr.arpa.
     21.172.in-addr.arpa.
     22.172.in-addr.arpa.
     23.172.in-addr.arpa.
     24.172.in-addr.arpa.
     25.172.in-addr.arpa.
     26.172.in-addr.arpa.
     27.172.in-addr.arpa.
     28.172.in-addr.arpa.
     29.172.in-addr.arpa.
     30.172.in-addr.arpa.
     31.172.in-addr.arpa.
     168.192.in-addr.arpa.

2. The "test." zone MUST be configured on our recursive and authoritative DNS servers. It MUST be empty of records.

3. The "localhost." zone MUST be configured on our recursive and authoritative DNS servers. It MUST contain wildcard A and AAAA records pointing to 127.0.0.1 and ::1, respectively.

I'm not sure it's possible to implement the "invalid." zone behavior without writing a patch. Suggestions are welcome.

In my network, we have #1 implemented already. I believe it's set up by default in BIND, at least in Debian.

--
Richard
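
An added example, not part of the original message: a small audit that reads BIND-style configuration text and reports which of the zones listed above have no zone statement. The function names, the sample configuration and its file paths are constructed for illustration; the check covers only whether a zone is declared, not whether it is empty or holds the localhost wildcard records.

```python
import re

def required_zones():
    """Zones listed in the message: RFC 1918 reverse zones, test. and localhost."""
    zones = ["10.in-addr.arpa"]
    zones += [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
    zones += ["168.192.in-addr.arpa", "test", "localhost"]
    return zones

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out zones are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"', re.I)

def declared_zones(conf_text):
    """Zone names declared in the config, lower-cased, without the trailing dot."""
    names = ZONE_RE.findall(strip_comments(conf_text))
    return {n.rstrip(".").lower() for n in names}

def missing_zones(conf_text):
    """Required zones with no zone statement, in the order of required_zones()."""
    have = declared_zones(conf_text)
    return [z for z in required_zones() if z not in have]

# Constructed sample configuration (not from any real server): "test" is
# absent and 20.172.in-addr.arpa is commented out.
SAMPLE_CONF = """
// constructed sample
zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "168.192.IN-ADDR.ARPA." { type master; file "/etc/bind/db.empty"; };
# zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
""" + "".join(
    f'zone "{n}.172.in-addr.arpa" {{ type master; file "/etc/bind/db.empty"; }};\n'
    for n in range(16, 32) if n != 20
)

if __name__ == "__main__":
    for zone in missing_zones(SAMPLE_CONF):
        print("not declared:", zone)
```

A server that provides these zones through built-in defaults rather than explicit zone statements will show them as missing here, so compare the result against what the resolver actually answers.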