From: Phil Howard <phil@whistler.intur.net>
:John Fraizer wrote:
:
:> 1) You should have domain servers for ANY domain you register that live in
:> NON-RFC1918 space. Otherwise, Why register the domain at all? If it's for
:> use behind the firewall, why not use internic.net or whitehouse.gov? You
:> say "Because they want to receive email at the domain!" Well, to receive
:> email, the rest of the world has to be able to find the mx records and to
:> do that, your domain servers have to live in NON-RFC space and we have now
:> completely and totally blown your first point out of the water and made it,
:> in your own words, "moot."
:
:You have totally missed the concept that businesses can connect to other
:businesses which connect other businesses and so on, and conduct network
:protocols using the TCP/IP suite, just as if it were an Internet, but in
:fact is highly isolated and segmented. Any ONE company in it may only be
:able to reach those companies they connected directly to, but the other
:companies reach many more companies.
:
:Using RFC1918 space for this won't work because there has to be some kind
:of administration of the space to ensure enough uniqueness that no two
:companies that are visible to any one company have the same addressing.
:There can be only one such administration of any practicality even though
:this "closed Internet" is chopped into isolated segments.
:
:Further, many companies with these networks also allow direct access to
:the real open Internet. That means for sure that addresses in use on the
:open Internet cannot be duplicated anywhere else. So the allocation of
:space within the closed network has to be unique even compared to the
:open Internet.
:
:So it makes sense that every company connecting this way must obtain their
:own unique address space.

His original argument was that you should have domain servers available for domains registered through internic. You seem to be arguing an entirely different point.

If a domain is to be used exclusively behind a firewall, with no outside connectivity, then you should use a reserved TLD (I know there are a few, I don't know what they are though.) All of your other points can be taken care of with Network Address Translation, which is trivial to implement.

--Adam