
RE: [ossig] DNS equivalent of RFC1918 private IPs?



Christopher,

I'm not too sure I get what you ask, except for a reserved namespace. AFAIK,
there isn't such.

For the rest I might misunderstand you. So bear with me. 
As long as your ISP does not offer delegation, you are safe, in any case.
Because nobody points to your DNS. (Actually, I wouldn't mind at all if my
ISP did, because then I could have my own real-world domain easily.)
Except someone somehow ends up at your DNS as cracker or by coincidence. The
latter unlikely. Then your DNS would give out a (probably) RFC1918-compliant
address. So what? Don't like this either, privacy et al? allow-query and
allow-recursion are your good friends in named.conf.
Close port 53 on your firewall if you are paranoid.

I also don't understand the "no root server would ever return". DNS is a
*hierarchical* database-structure, so they wouldn't since there is no
propagation. Even if someone else ever took your .foo.com, it wouldn't
interfere.
Don't forget the notify no, then.


> I had the idea of just putting myself into a totally bogus TLD like
> .foo. But BIND is so broken that I don't want to tempt it with such a
> wacky configuration and djbdns doesn't do dynamic updates >:b

Why do you consider BIND 'so broken' and why is it 'wacky' if it serves as
SOA for christopher.de.marco.net compared to support.microsoft.com? BIND
definitively lacks *any* intelligence to ever bother ..!

Sorry if I got your intention wrong ...

Uwe
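
The named.conf settings named in the message above (allow-query, allow-recursion, notify no), put together as an added example that is not part of the original post. The ACL name, directory, zone file name and the allow-transfer line are assumptions made for illustration; the zone name "foo" is the bogus TLD from the quoted question.

```conf
// Added example, not from the original message.
// Clients allowed to use this server: RFC1918 ranges plus the host itself.
// The ACL name "internal" is an assumption.
acl "internal" {
    127.0.0.0/8;
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
};

options {
    directory "/var/named";          // assumed path

    // Answer queries only for internal clients, so a stranger who
    // reaches port 53 gets refused instead of an RFC1918 address.
    allow-query     { internal; };

    // Recurse only for internal clients; the server is not an open resolver.
    allow-recursion { internal; };

    // Never send NOTIFY messages for any zone by default.
    notify no;
};

// Private zone served only inside the network. Nothing delegates to it
// from the public hierarchy, so it is visible only to clients that
// query this server directly.
zone "foo" {
    type master;
    file "db.foo";                   // assumed file name
    notify no;                       // no NOTIFY to servers listed in NS records

    // Not mentioned in the message: refusing zone transfers keeps the
    // full list of internal names from being pulled in one request.
    allow-transfer { none; };
};
```

Running named-checkconf against the file validates the syntax before named is reloaded.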
