On Thu, 2013-03-07 at 11:18 -0600, David Farmer wrote:
> It would be better for everyone connected to MICE
> to implement the recommendations of RFC 6761

If I'm reading that correctly, the requirements for a network operator
boil down to:

1. The following zones MUST be configured on our recursive and
   authoritative DNS servers. They MUST either be empty of records
   or contain records matching our uses of *routable* private
   space.

       10.in-addr.arpa.
       16.172.in-addr.arpa.
       17.172.in-addr.arpa.
       18.172.in-addr.arpa.
       19.172.in-addr.arpa.
       20.172.in-addr.arpa.
       21.172.in-addr.arpa.
       22.172.in-addr.arpa.
       23.172.in-addr.arpa.
       24.172.in-addr.arpa.
       25.172.in-addr.arpa.
       26.172.in-addr.arpa.
       27.172.in-addr.arpa.
       28.172.in-addr.arpa.
       29.172.in-addr.arpa.
       30.172.in-addr.arpa.
       31.172.in-addr.arpa.
       168.192.in-addr.arpa.

2. The "test." zone MUST be configured on our recursive and
   authoritative DNS servers. It MUST be empty of records.

3. The "localhost." zone MUST be configured on our recursive and
   authoritative DNS servers. It MUST contain wildcard A and AAAA
   records pointing to 127.0.0.1 and ::1, respectively.

I'm not sure it's possible to implement the "invalid." zone behavior
without writing a patch. Suggestions are welcome.

In my network, we have #1 implemented already. I believe it's set up by
default in BIND, at least in Debian.
--
Richard
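
An added example, not part of the message above: a small audit that derives the reverse zones in item 1 from the RFC 1918 blocks and reports which of the zones in items 1 to 3 have no explicit `zone` statement in a BIND-style configuration. The sample configuration and its file paths are constructed; the check sees only zone statements in the text it is given (not zones a server provides by default) and does not inspect zone contents.

```python
import ipaddress
import re

# RFC 1918 blocks; the 18 reverse zones in item 1 follow from these.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def reverse_zones(cidr):
    """in-addr.arpa zones, cut on the next octet boundary, that cover cidr."""
    net = ipaddress.ip_network(cidr)
    octets = -(-net.prefixlen // 8)  # ceiling: address labels per zone name
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa.")
    return zones


def required_zones():
    """Zones from items 1-3 of the message ("invalid." is left out, as there)."""
    zones = [z for cidr in RFC1918 for z in reverse_zones(cidr)]
    return zones + ["test.", "localhost."]


def configured_zones(named_conf_text):
    """Zone names declared in the text; // and # line comments are ignored."""
    text = re.sub(r"(//|#).*", "", named_conf_text)
    names = re.findall(r'\bzone\s+"([^"]+)"', text, flags=re.I)
    return {n.lower().rstrip(".") + "." for n in names}


def missing_zones(named_conf_text):
    """Required zones with no zone statement, in the order of the message."""
    have = configured_zones(named_conf_text)
    return [z for z in required_zones() if z not in have]


# Constructed sample: two reverse zones present, "test" commented out.
SAMPLE = '''
zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "168.192.IN-ADDR.ARPA." { type master; file "/etc/bind/db.empty"; };
// zone "test" { type master; file "/etc/bind/db.empty"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
'''

if __name__ == "__main__":
    for zone in missing_zones(SAMPLE):
        print("missing:", zone)
```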