.internal
DNSOP, .SG - 2017-11
RFC 1918 for names
A condom for the namespace
I wanna pony!
... but we told them not to do this.
-
corp 0.48
-
home 0.43
-
internal 0.55
-
localhost 0.28
-
localdomain 0.50
Users want an internal / disconnected namespace
I wanna pony!
- Squatting on TLDsĀ causes various issues like:
- pollution of the namespaceĀ
- e.g .home, .corp, .mail, ...
- potentially collisions
- excess root / recursive lookups
- somewhat mitigated by Aggressive NSEC
- leaking of "internal" names
- pollution of the namespaceĀ
...but I wanna pony!
..wanna wanna pony!
- Actually we say "Use something under a registered domain"
- We are the adults, this is risky behavior, you don't actually want to do this
- We also preach abstinence
- Regardless of what we think of the behavior, we can't stop people doing this - but we can make it less risky.
.internal
- Add .internal to IETF Special Use Names
- Has to be a TLD for non-technical / aesthetic reasons
- DNSSEC requires that this be added to the root (with a DNSSEC insecure delegation).
- happy to cover the reasons off-line
- no process for this.
- Will require creating one!
- Cannot force people to use it (no protocol police :-( )
- Just like for RFC1918, when two companies merge, there will be entertainment - but, at least it will be constrained to one place in the namespace.
This was BCP
"Three practical methods to name the DNS domain are:
* Make the name a private domain name that is used for name resolution on the internal Small Business Server network. This name is usually configured with the first-level domain of .local. At the present time, the .local domain name is not registered on the Internet.
* Make the name a sub-domain of a publicly registered domain name. For
example, if the publicly registered domain name is Contoso.com, a sub-domain of Corp.contoso.com can be used.
* Make the name the same as a publicly registered domain name.
Most Small Business Server customers should use the first method. The following list describes some of the advantages when you use a separate and private domain name for the local Small Business Server network:
DNSOP - Singapore - .internal
By wkumari
DNSOP - Singapore - .internal
- 376