Since new.net is a perfectly legitimate domain under the rules that you support, I think black holing that domain or their routes would be a Bad Idea. You could however make your nameservers authoritative for every 1, 2, 3 and 4 character TLD not in the standard root.zone to prevent private TLD leakage into your network (from any source).

As an experiment I created a named.conf stub that can be appended to a regular named.conf file and a sample generic zone file that can be used once for all of the private TLDs: http://kl.net/tld/ (the sample zone file is called 'a' to minimize the size of the named.conf file). Unfortunately, it's 58 Megs so it wouldn't be practical to use on all but the beefiest nameservers.

Perhaps there should be an RFC for "private TLD" namespace like RFC1918.

KL

Jeff Workman wrote:
OK here's an idea, everybody:
Since new.net (and others) seem to want to blatantly ignore the standards set forth by the IETF, ICANN, and others, why don't we "bend" the standards and stack the deck in our own favor? Let's all make our own DNS servers authoritative for "new.net." And, to prevent people from finding out the IP addresses and getting to new.net that way, either blackhole the routes, or add host routes on your LAN that point to some www server/page that points out why what new.net is doing is a Bad Thing.
We need new TLDs in order to support the growth of the internet. However, we don't need to do it the way new.net is, and they need to be nipped in the bud.
Jeff
-- "...and the burnt fool's bandaged finger goes wobbling back to the fire." -Joe Zeff in the SDM.
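
The named.conf stub described in the reply above can be generated rather than downloaded; the following is an added sketch, not the file published at kl.net/tld/. The a-z-only alphabet, the one-line `zone` statement layout and the short `REAL_TLDS` sample are assumptions; a real run would load the full TLD list from the current root zone.

```python
import itertools
import string

# Assumption: labels are a-z only; the original stub's alphabet is not stated.
ALPHABET = string.ascii_lowercase

# Constructed sample; a real run would load every TLD from the current root zone.
REAL_TLDS = {"com", "net", "org", "edu", "uk", "de"}


def candidate_tlds(max_len=4):
    """Yield every label of length 1..max_len over ALPHABET."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(ALPHABET, repeat=n):
            yield "".join(chars)


def zone_stanza(tld, zone_file="a"):
    """BIND zone statement making this server authoritative for one private TLD."""
    return 'zone "%s" { type master; file "%s"; };\n' % (tld, zone_file)


def stub_stanzas(real_tlds=REAL_TLDS, max_len=4, zone_file="a"):
    """Yield stanzas for every candidate label that is not a real TLD."""
    real = {t.lower().rstrip(".") for t in real_tlds}
    for tld in candidate_tlds(max_len):
        if tld not in real:
            yield zone_stanza(tld, zone_file)


def stub_size(real_tlds=REAL_TLDS, max_len=4):
    """Return (zone_count, bytes) so the cost is known before named loads it."""
    count = size = 0
    for stanza in stub_stanzas(real_tlds, max_len):
        count += 1
        size += len(stanza)
    return count, size


if __name__ == "__main__":
    zones, nbytes = stub_size()
    print("%d zones, %.1f MB of named.conf" % (zones, nbytes / 1e6))
```

All generated zones share the single generic zone file, so the size is driven by the number of `zone` statements: nearly half a million for labels up to four characters.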