Is anyone familiar with the AS112 project? http://public.as112.net/ Would this be worthwhile on MICE? -- Jay Hanke CTO, CCIE #19093 Mankato Networks LLC PO Box 54 619 S Front St Mankato, MN 56001-3838 Google 530-618-2398 jayhanke@mankatonetworks.net http://www.mankatonetworks.com ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
I'm aware of it, its discussed in RFC 6304, it wouldn't hurt anything. However, as RFC 6761 becomes in more common use the need for this should reduce significantly. It would be better for everyone connected to MICE to implement the recommendations of RFC 6761 with regards to their recursive name servers, than to build a AS112 node for MICE. http://tools.ietf.org/html/rfc6304 http://tools.ietf.org/html/rfc6761 On 3/7/13 10:55 , Jay Hanke wrote:
-- ================================================ David Farmer Email: farmer@umn.edu Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 1-612-626-0815 Minneapolis, MN 55414-3029 Cell: 1-612-812-9952 ================================================ ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Thu, 2013-03-07 at 11:18 -0600, David Farmer wrote:
It would be better for everyone connected to MICE to implement the recommendations of RFC 6761
If I'm reading that correctly, the requirements for a network operator boil down to: 1. The following zones MUST be configured on our recursive and authoritative DNS servers. They MUST either be empty of records or contain records matching our uses of *routable* private space. 10.in-addr.arpa. 16.172.in-addr.arpa. 17.172.in-addr.arpa. 18.172.in-addr.arpa. 19.172.in-addr.arpa. 20.172.in-addr.arpa. 21.172.in-addr.arpa. 22.172.in-addr.arpa. 23.172.in-addr.arpa. 24.172.in-addr.arpa. 25.172.in-addr.arpa. 26.172.in-addr.arpa. 27.172.in-addr.arpa. 28.172.in-addr.arpa. 29.172.in-addr.arpa. 30.172.in-addr.arpa. 31.172.in-addr.arpa. 168.192.in-addr.arpa. 2. The "test." zone MUST be configured on our recursive and authoritative DNS servers. It MUST be empty of records. 3. The "localhost." zone MUST be configured on our recursive and authoritative DNS servers. It MUST contain wildcard A and AAAA records pointing to 127.0.0.1 and ::1, respectively. I'm not sure it's possible to implement the "invalid." zone behavior without writing a patch. Suggestions are welcome. In my network, we have #1 implemented already. I believe it's setup by default in BIND, at least in Debian. -- Richard ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Mar 7, 2013, at 10:01 AM, Richard Laager <rlaager@WIKTEL.COM> wrote:
You are reading it incorrectly. The RFC specifies how your name server should behave by default without you configuring anything. If you WANT to respond differently than the default stated in the document, you would have to configure your name server accordingly. Admittedly, if your name servers do not implement RFC6761 by default, then you can mimic most of what it specifies by taking the actions you state above.
I'm not sure it's possible to implement the "invalid." zone behavior without writing a patch. Suggestions are welcome.
Right… The RFC is aimed at name server developers more than name server operators.
In my network, we have #1 implemented already. I believe it's setup by default in BIND, at least in Debian.
Yes, modern versions of bind ship with RFC6761 compliance. Owen
######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
participants (4)
-
David Farmer -
Jay Hanke -
Owen DeLong -
Richard Laager