domain name for a RFC 1918 intranet

Andreas Meile andreas.meile at onsite.ch
Thu Oct 18 07:33:55 UTC 2001



Dear DNS users

I recently had a larger controversy in ch.comp.networks (Swiss usenet
forum) about choosing a suitable domain name for a private TCP/IP
network which uses IP addresses according to RFC 1918 (the well-known
10.*.*.*/172.[16-31].*.*/192.168.*.* IP address ranges) and which is
behind a firewall and uses NAT (Network Address Translation) to access
the Internet.

As is well known, DNS and BIND have been defined and developed in an age
of the Internet where every network component got an official IP
address and where firewalls were uncommon. Today, we have the
situation that such a private intranet cannot simply be attached to the
world wide DNS hierarchy as intended in the classic DNS
specifications. For security reasons, it's even desired to hide the
internal hostname/IP address details from the Internet, so a
cracker cannot get a "map" of the corporate network.

In the discussion above, my point of view was to use a domain ending
in ".loc", as recommended by Microsoft in an ADS (Active Directory
Services) based Windows 2000 network. For example, at a company called
Foobar Ltd. whose public Web site is http://www.foobar.com/, an
internal PC could get the name "pc02.foobar.loc". Typically, I
configure the internal BIND as slave server and use the public DNS
servers as forwarders.

Somebody else said that ".loc" violates the standard and that a third-level
domain should be the correct selection, for example
"pc02.intranet.foobar.com". He said I would have to define an internal DNS
with a zone file "intranet.foobar.com" containing all names. On the public
DNS server, there should also be a zone "intranet.foobar.com", but with
empty content. The DHCP configuration in the internal network of
course hands out only the internal DNS server to every workstation.

Technically, both ways will work correctly. So I'm simply seeking an
_authoritative_ standards source (preferably an RFC document
[number]) which provides a *clear* answer for this issue. At the
moment, both solutions seem to be based on personal opinions...

A lively discussion with your own opinions, as well as hints to such an
authoritative source, is appreciated. :-)

                 Andreas
--------------------------
Andreas Meile, Abt. Systementwicklung, Tel. direkt: +41 52 260 34 94
onsite solutions ag, Archstrasse 2, CH-8401 Winterthur (Switzerland)
Tel. +41 52 260 34 70 Fax +41 52 214 07 80
e-Mail: info at onsite.ch WWW: http://www.onsite.ch/
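The third-level-domain variant described in the post (an internal zone "intranet.foobar.com" populated with names, the same zone name on the public server but empty, and DHCP pointing workstations only at the internal resolver) laid out as BIND and ISC dhcpd configuration. This is an added illustration, not configuration from the original post or from any of the discussion participants. The host names, the 192.168.1.x addresses, the 203.0.113.53 address standing in for a public resolver, the serial number and the file paths are all constructed for the example.

```conf
# ===== Internal BIND server, reachable only from the RFC 1918 network =====
# /etc/named.conf excerpt: authoritative for the internal third-level zone;
# every other name is forwarded to the public resolver.
options {
    directory "/var/named";
    forwarders { 203.0.113.53; };        # public DNS server (placeholder address)
    allow-query { 192.168.0.0/16; };     # answer only the private network
    allow-transfer { none; };            # no zone transfers of internal names
};

zone "intranet.foobar.com" {
    type master;
    file "intranet.foobar.com.zone";
};

; ===== /var/named/intranet.foobar.com.zone on the internal server =====
; Zone-file comments use ";" -- this block is a separate file from named.conf.
$TTL 3600
@       IN SOA  ns1.intranet.foobar.com. hostmaster.foobar.com. (
                2001101801 ; serial (constructed)
                3600       ; refresh
                900        ; retry
                604800     ; expire
                3600 )     ; negative-answer TTL
        IN NS   ns1.intranet.foobar.com.
ns1     IN A    192.168.1.1
pc02    IN A    192.168.1.2     ; private address, never published outside

# ===== Public BIND server (/etc/named.conf excerpt) =====
# Same zone name, but the file carries only SOA and NS records, so an
# outside query for pc02.intranet.foobar.com gets an authoritative NXDOMAIN
# from the public server instead of revealing the internal host list.
zone "intranet.foobar.com" {
    type master;
    file "intranet.foobar.com.empty";
    allow-transfer { none; };
};

; ===== /var/named/intranet.foobar.com.empty on the public server =====
$TTL 3600
@       IN SOA  ns1.foobar.com. hostmaster.foobar.com. (
                2001101801 3600 900 604800 3600 )
        IN NS   ns1.foobar.com.

# ===== Internal ISC dhcpd (/etc/dhcpd.conf excerpt) =====
# Workstations learn only the internal resolver and search suffix.
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option domain-name "intranet.foobar.com";
    option domain-name-servers 192.168.1.1;
}
```

The block concatenates four separate files (two named.conf excerpts and two zone files) for reading side by side; each belongs in the path named in its header comment. After installing the files, `named-checkzone intranet.foobar.com /var/named/intranet.foobar.com.zone` on the internal server and a query for pc02.intranet.foobar.com from outside the firewall (which should return NXDOMAIN from the public server) are the two checks that confirm the split is working as the post describes.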