On Mon, 07.12.15 13:25, Gerd Hoffmann (kraxel@xxxxxxxxxx) wrote:

> Hi,
>
> > Quite frankly: a setup like this one isn't just very typical for home
> > router networks, but also in many companies, where ".lan" or
> > ".companyname" or something like that is frequently established in the
> > internal network. And you will make Fedora incompatible with all these
> > networks by default.
>
> Even if you don't grab some random name it still is a problem. /me runs
> home.kraxel.org zone for my home network (and, yes, kraxel.org is mine).
> That zone isn't visible outside my home network, if you try to resolve
> that by walking down from the root zone you wouldn't find it, you have
> to use the local dns server propagated by dhcp.

This case should actually not be a problem normally, even with DNSSEC, since in such a case you wouldn't enable DNSSEC on kraxel.org.

If you want to do such "split horizon" setups, then don't sign your zones. I think that's a completely fair requirement to make, and if you did sign your domains then this should really mean "don't allow anything below my domain except what I define here or delegated".

The problem is pretty much limited to top-level domains, where those routers and company networks invented stuff.

Lennart

--
Lennart Poettering, Red Hat
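The distinction drawn in this message, as an added example that is not part of the original mail: a simplified Python model of how a validating resolver classifies an answer that only the local DNS server can give. The zone data is constructed, the function and variable names are hypothetical, and every label is treated as a zone cut to keep the model small.

```python
# Constructed model of the public DNS tree (not real zone data).
# Each key is a signed zone; its value maps the child labels that exist
# publicly to True (delegation with a DS record, child is signed) or
# False (delegation without DS, child is unsigned).
# A label missing from the map means the signed zone proves it does not exist.
PUBLIC_UNSIGNED_HOME = {
    ".": {"org": True},
    "org.": {"kraxel": False},      # hypothetical: kraxel.org left unsigned
}
PUBLIC_SIGNED_HOME = {
    ".": {"org": True},
    "org.": {"kraxel": True},       # hypothetical: kraxel.org signed
    "kraxel.org.": {},              # "home" is not defined or delegated
}


def classify_local_answer(name, public):
    """Return the DNSSEC status of a locally served answer for `name`.

    "insecure": an unsigned delegation was crossed, so the local answer
                is accepted without validation (split horizon works).
    "bogus":    a signed zone denies the name, so the local answer
                contradicts a validated denial and is rejected.
    "secure":   every delegation has a DS, so the answer is only accepted
                with signatures that chain up to the root.
    """
    labels = name.rstrip(".").split(".")[::-1]   # walk down from the root
    zone = "."
    for label in labels:
        has_ds = public[zone].get(label)
        if has_ds is None:
            return "bogus"
        if not has_ds:
            return "insecure"
        zone = label + "." + ("" if zone == "." else zone)
    return "secure"


if __name__ == "__main__":
    for name, tree in [("home.kraxel.org", PUBLIC_UNSIGNED_HOME),
                       ("home.kraxel.org", PUBLIC_SIGNED_HOME),
                       ("router.lan", PUBLIC_UNSIGNED_HOME)]:
        print(name, "->", classify_local_answer(name, tree))
```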