Problems with resolving a local tld

Robert Moskowitz rgm at htt-consult.com
Thu Feb 28 18:38:12 UTC 2013


On 02/28/2013 12:57 PM, Vernon Schryver wrote:
>> From: Robert Moskowitz <rgm at htt-consult.com>
>>> Well one really shouldn't be creating one's own tlds.
>> As the instigator and a co-author of rfc 1918, I beg to differ.
> Many people considered the notion in RFC 1918 harmful.  See RFC 1627.

Um, I lived that debate.

RFC 1597 came first. Then there was 1627. Then the IAB called for an 
armistice and the gang of 4 got together with the gang of 4 and produced 
1918. Postel claimed with a straight face that that number just happened 
to be next. Yeah right Jon; read RFC 2468...

> (My personal view was that standardizing the notion was better because
> it would minimize the harm suffered and caused by those who were going
> to use net-10 no matter what the other self-described experts, mavens,
> and gurus said.)

In many ways it was bad for the internet. But is your cup half full or 
half empty? IPv6 thus has not been rushed and we have taken time to 
hopefully get it right. I wonder what situation we would have been in if 
we did not have registered private addresses and we had free for all 
address food fights and a rush for IPv6? Well this is about bind and not 
about IP addressing...

Oh, and don't get me going on EIDs. Noel 'said' he was upset that I 
caved in first during the EID cabal effort.

>> Many have been using internal tlds for decades for various reasons. It works
>> fine for the client going to the servers of the zone, but my namecaching
>> server that is forwarding to same DNS server fails.
> Many things have worked fine for decades, are popular, and are even
> both popular and old.  Many of those old and popular things cause
> significant harm to their perpetrators and to others and are just
> plain stupid in almost all of their existing installations, such
> as not following BCP 38 or running open DNS resolvers.

Moving to views for my DNS was such a pain, and I was grateful in the 
end to get there. CIDR reverse in-addr.arpa allocations were such a pain, and 
worth getting right (and I found a few errata in Liu's book along the 
way). Now if I can only get my ISP to delegate my ipv6.arpa subzone, I 
would be happier. We live and learn to be better. Hopefully.

> In other words, what does your private htt TLD do that could not be
> done at least as well as a private, secret sub-domain of one of your
> legitimate domains?

First it was a particular product that wanted to run in its own zone 
with its own dns server that I had to access from other systems; last 
version of it will be gone soon. Then it was a portable test lab that 
could work plugged in or isolated. Really now I could force things to 
work as a subzone; or at least I think I am nearly to that point in the 
upgrades. But there are some human interaction reasons for a very short 
fqdn for a class of testing. It has to be typed in real fast in a 
mobility demonstration, and it is the convenience factor for doing some 
testing. So it is just for testing, and if I can't get it working to 
this server, it will probably be OK; it works on the main server. After 
I complete the whole grumble grumble network upgrade.

But it is PHUN! I can have my own special tld for MY use in MY network!

All these stupid security layers just take the phun out of it. ;)
