.internal

DNSOP, .SG - 2017-11

RFC 1918 for names

A condom for the namespace

I wanna pony!

... but we told them not to do this.

  • corp         0.48
  • home         0.43
  • internal     0.55
  • localhost    0.28
  • localdomain  0.50

Users want an internal / disconnected namespace

I wanna pony!

  • Squatting on TLDsĀ causes various issues like:
    • pollution of the namespaceĀ 
      • e.g .home, .corp, .mail, ...
      • potentially collisions
    • excess root / recursive lookups
      • somewhat mitigated by Aggressive NSEC
    • leaking of "internal" names

...but I wanna pony!

..wanna wanna pony!

  • Actually we say "Use something under a registered domain"
    • We are the adults, this is risky behavior, you don't actually want to do this
  • We also preach abstinence
  • Regardless of what we think of the behavior, we can't stop people doing this - but we can make it less risky.

.internal

  • Add .internal to IETF Special Use Names
  • Has to be a TLD for non-technical / aesthetic reasons
  • DNSSEC requires that this be added to the root (with a DNSSEC insecure delegation).
    • happy to cover the reasons off-line
    • no process for this.
      • Will require creating one!
  • Cannot force people to use it (no protocol police :-( )
  • Just like for RFC1918, when two companies merge, there will be entertainment - but, at least it will be constrained to one place in the namespace.

This was BCP

"Three practical methods to name the DNS domain are:

* Make the name a private domain name that is used for name resolution on the internal Small Business Server network. This name is usually configured with the first-level domain of .local. At the present time, the .local domain name is not registered on the Internet.
* Make the name a sub-domain of a publicly registered domain name. For
example, if the publicly registered domain name is Contoso.com, a sub-domain of Corp.contoso.com can be used.
* Make the name the same as a publicly registered domain name.

Most Small Business Server customers should use the first method. The following list describes some of the advantages when you use a separate and private domain name for the local Small Business Server network:

DNSOP - Singapore - .internal

By wkumari

DNSOP - Singapore - .internal

  • 376