[arin-ppml] ULA-C and reverse DNS
michael.dillon at bt.com
Mon Mar 22 11:53:17 EDT 2010
> If ULA-Central is not going to include authoritative reverse
> DNS, then I'm not sure the point of doing ULA-Central. One
> of the biggest problems I have with RFC1918 is the brain
> damage it causes in DNS, ULA-Random has this same brain
> damage. I see no point in doing ULA-Central if it doesn't
> include reverse DNS too.

ULA addresses, both the C and RANDOM varieties, are intended
to be used local to a specific network. That means that the
network will have certain boundaries at which traffic using
ULA addresses will be blocked. These could be site boundaries
or private network boundaries, including a global VPN, or in the
case of M/A companies, the collective boundary could be the
union of two or more private networks with one or two ISPs
included who have special arrangements to carry the ULA traffic.

So, however vague the thing with boundaries might be, it does
have boundaries and all queries for the ULA addresses will
originate within those boundaries. I see no good reason for
a service to be provided to this bounded network from the public
Internet. Inside their boundaries, they can run their own
reverse DNS servers, or some kind of DNS proxy which fakes
NS records so that it looks like ARIN servers have delegated
the reverse DNS for the ULA-C block. It all stays inside.

Now there is no reason why a commercial provider on the Internet
could not offer such reverse DNS services and deliver them by
extending a VPN tunnel to the bounded network, but that is still
not on the public Internet, as has always been intended.

--Michael Dillon
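
The arrangement described in the message above, sketched as an added example that is not part of the original post: a resolver inside the boundary answers PTR queries for the site's own ULA prefix from an internal zone and keeps every other ULA reverse query from leaving the network. The prefix fd12:3456:789a::/48, the function names and the "local"/"contain"/"forward" labels are assumptions made for illustration.

```python
import ipaddress

ULA_SPACE = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses


def reverse_zone(prefix):
    """Return the ip6.arpa zone name for a nibble-aligned IPv6 prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen % 4:
        raise ValueError("need an IPv6 prefix on a 4-bit boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_to_address(qname):
    """Parse a full 32-nibble ip6.arpa name; return None for anything else."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[32:] != ["ip6", "arpa"]:
        return None
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in labels[:32]):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(labels[:32])), 16))


def route_ptr_query(qname, local_prefixes):
    """Decide where a resolver inside the boundary sends a PTR query."""
    addr = ptr_to_address(qname)
    if addr is None:
        return "forward"  # not an IPv6 reverse lookup: normal resolution
    for prefix in local_prefixes:
        if addr in ipaddress.ip_network(prefix):
            # Our own ULA block: served by the internal reverse zone.
            return "local:" + reverse_zone(prefix)
    if addr in ULA_SPACE:
        # Someone else's ULA space (assumed policy): answer negatively
        # inside the boundary instead of querying the public Internet.
        return "contain"
    return "forward"  # global unicast: ordinary public delegation applies


if __name__ == "__main__":
    SITE_PREFIXES = ["fd12:3456:789a::/48"]  # constructed sample prefix
    for sample in ("fd12:3456:789a:1::53", "fd00:dead:beef::1", "2001:db8::1"):
        name = ipaddress.ip_address(sample).reverse_pointer
        print(sample, "->", route_ptr_query(name, SITE_PREFIXES))
```
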