
On Mar 7, 2013, at 10:01 AM, Richard Laager <rlaager@WIKTEL.COM> wrote:

> On Thu, 2013-03-07 at 11:18 -0600, David Farmer wrote:
>> It would be better for everyone connected to MICE to implement the recommendations of RFC 6761
>
> If I'm reading that correctly, the requirements for a network operator boil down to:
>
> 1. The following zones MUST be configured on our recursive and authoritative DNS servers. They MUST either be empty of records or contain records matching our uses of *routable* private space.
>      10.in-addr.arpa.
>      16.172.in-addr.arpa.
>      17.172.in-addr.arpa.
>      18.172.in-addr.arpa.
>      19.172.in-addr.arpa.
>      20.172.in-addr.arpa.
>      21.172.in-addr.arpa.
>      22.172.in-addr.arpa.
>      23.172.in-addr.arpa.
>      24.172.in-addr.arpa.
>      25.172.in-addr.arpa.
>      26.172.in-addr.arpa.
>      27.172.in-addr.arpa.
>      28.172.in-addr.arpa.
>      29.172.in-addr.arpa.
>      30.172.in-addr.arpa.
>      31.172.in-addr.arpa.
>      168.192.in-addr.arpa.
> 2. The "test." zone MUST be configured on our recursive and authoritative DNS servers. It MUST be empty of records.
> 3. The "localhost." zone MUST be configured on our recursive and authoritative DNS servers. It MUST contain wildcard A and AAAA records pointing to 127.0.0.1 and ::1, respectively.

You are reading it incorrectly. The RFC specifies how your name server should behave by default without you configuring anything. If you WANT to respond differently than the default stated in the document, you would have to configure your name server accordingly. Admittedly, if your name servers do not implement RFC6761 by default, then you can mimic most of what it specifies by taking the actions you state above.

> I'm not sure it's possible to implement the "invalid." zone behavior without writing a patch. Suggestions are welcome.

Right… The RFC is aimed at name server developers more than name server operators.

> In my network, we have #1 implemented already. I believe it's set up by default in BIND, at least in Debian.

Yes, modern versions of bind ship with RFC6761 compliance.

Owen

> -- Richard
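
Added example, not part of the original messages and not code from BIND: a Python example that derives the 18 reverse zones listed above from the three RFC 1918 prefixes and matches a query name against them, and against test., localhost. and invalid., on whole-label boundaries. The function names and the handling tags are assumptions made for this illustration.

```python
import ipaddress

# RFC 1918 prefixes; the reverse zones quoted in the thread are derived from these.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def reverse_zones(prefixes=RFC1918):
    """Expand each prefix into in-addr.arpa zones cut on the next octet boundary."""
    zones = []
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        octets = -(-net.prefixlen // 8)  # ceiling division: /12 needs 2 octets
        for sub in net.subnets(new_prefix=octets * 8):
            labels = str(sub.network_address).split(".")[:octets]
            zones.append(".".join(reversed(labels)) + ".in-addr.arpa.")
    return zones

# Handling tags are labels made up for this example, not BIND or RFC terms:
#   "negative"      -> answered locally with a negative response
#   "loopback"      -> answered locally with 127.0.0.1 / ::1
#   "local-reverse" -> answered locally (empty zone or the operator's own PTRs)
SPECIAL = {"test.": "negative", "invalid.": "negative", "localhost.": "loopback"}
SPECIAL.update({zone: "local-reverse" for zone in reverse_zones()})

def special_use(qname):
    """Return (zone, handling) for the special-use zone containing qname, else None."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare whole labels so "contest." or "110.in-addr.arpa." never match.
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        if zone in SPECIAL:
            return zone, SPECIAL[zone]
    return None

if __name__ == "__main__":
    # Constructed sample query names, not taken from any real log.
    for name in ("5.1.20.172.in-addr.arpa.", "1.0.32.172.in-addr.arpa.",
                 "www.localhost", "build.test.", "contest.", "example.com."):
        print(f"{name:28} {special_use(name)}")
```

The 172.16.0.0/12 prefix does not end on an octet boundary, which is why it expands to sixteen separate zones (16.172 through 31.172) while the other two prefixes map to one zone each.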
########################################################################
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1