Forwarding ARPA records.

Roy Arends Roy.Arends at nominum.com
Mon Sep 3 03:51:13 UTC 2001


On Sun, 2 Sep 2001, Jonathan de Boyne Pollard wrote:

> AL> Has anyone got an example for me to look at?
>
> There are two fully worked examples at
> <URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html>.
> The document is addressed to the person receiving such a delegation.
> You, as the person who is delegating, will need to do what is
> described in the "What your ISP does ..." sections.

The document does NOT describe a valid DNS setup. It is simply illegal.
Please, completely ignore this setup.

Following the ignorant example on your site would lead to that machine
being authoritative for the in-addr.arpa. domain. Only the
[a-i].root-servers.net. should be authoritative for those.

This set-up will leak incorrect/dangerous/poisonous info through
authoritative & additional sections. A provider with old caches (those
that will cache authoritative/additional sections) that happen to have
cached yours has the rest of the reverse name-space unavailable during
the TTL of the RRs in the sections.

Bad. Very very bad.

Roy Arends
Nominum
-------------
0-14-023750-X dcrpt ths 43.0D.01 01.05.0C 84.18.03 8A.13.04 2D.0B.0A
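
The caching concern in the message above is about resolvers that store authority and additional section records without checking which zone the answering server was actually delegated. The following is an added example, not part of the original post or of BIND: a sketch of the bailiwick check a cache can apply before storing such records. The zone, server names and addresses are constructed (192.0.2.0/24 documentation range), and `filter_sections` is a hypothetical helper.

```python
# Added example: bailiwick check for authority/additional records.
# Every name, address and record here is constructed sample data.

def labels(name):
    """Lowercase labels of a domain name, ignoring the trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or below it, compared label by label."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_sections(queried_zone, authority, additional):
    """Split records into (accepted, rejected) before caching.

    queried_zone is the zone whose delegation led the resolver to this
    server. Records are (owner, type, rdata) tuples. Authority records must
    be owned by a name inside queried_zone; additional records must also be
    addresses for the target of an accepted NS record.
    """
    accepted, rejected = [], []
    for rec in authority:
        (accepted if in_bailiwick(rec[0], queried_zone) else rejected).append(rec)
    ns_targets = {tuple(labels(r[2])) for r in accepted if r[1] == "NS"}
    for rec in additional:
        ok = (rec[1] in ("A", "AAAA")
              and tuple(labels(rec[0])) in ns_targets
              and in_bailiwick(rec[0], queried_zone))
        (accepted if ok else rejected).append(rec)
    return accepted, rejected

ZONE = "2.0.192.in-addr.arpa."   # zone delegated to the queried server
AUTHORITY = [
    ("2.0.192.in-addr.arpa.", "NS", "ns.2.0.192.in-addr.arpa."),  # in zone
    ("in-addr.arpa.", "NS", "ns.customer.example."),    # claims the parent
    ("x2.0.192.in-addr.arpa.", "NS", "ns.customer.example."),  # suffix lookalike
]
ADDITIONAL = [
    ("ns.2.0.192.in-addr.arpa.", "A", "192.0.2.53"),   # glue for accepted NS
    ("ns.customer.example.", "A", "192.0.2.54"),       # outside the zone
]

if __name__ == "__main__":
    ok, dropped = filter_sections(ZONE, AUTHORITY, ADDITIONAL)
    for rec in ok:
        print("cache ", rec)
    for rec in dropped:
        print("drop  ", rec)
```

Comparing whole labels rather than string suffixes is what keeps `x2.0.192.in-addr.arpa.` from passing as part of `2.0.192.in-addr.arpa.`.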