John Fraizer wrote:
> 1) You should have domain servers for ANY domain you register that live in NON-RFC1918 space. Otherwise, why register the domain at all? If it's for use behind the firewall, why not use internic.net or whitehouse.gov? You say "Because they want to receive email at the domain!" Well, to receive email, the rest of the world has to be able to find the MX records, and to do that, your domain servers have to live in NON-RFC space, and we have now completely and totally blown your first point out of the water and made it, in your own words, "moot."
You have totally missed the concept that businesses can connect to other businesses, which connect to other businesses, and so on, and conduct network protocols using the TCP/IP suite just as if it were an Internet, but which in fact is highly isolated and segmented. Any ONE company in it may only be able to reach those companies it connected directly to, but the other companies reach many more companies. Using RFC1918 space for this won't work because there has to be some kind of administration of the space to ensure enough uniqueness that no two companies visible to any one company have the same addressing. There can be only one such administration of any practicality, even though this "closed Internet" is chopped into isolated segments. Further, many companies with these networks also allow direct access to the real open Internet. That means for sure that addresses in use on the open Internet cannot be duplicated anywhere else. So the allocation of space within the closed network has to be unique even compared to the open Internet. So it makes sense that every company connecting this way must obtain its own unique address space.
> 2) DNS servers that are behind a firewall are useless in the context you describe above.
Not true. The DNS servers exist and are used by many of these companies. Only those companies that need to use them can reach them.
> 3) You should NEVER pick random addresses. Please refer to RFC1918.
Agreed. And this does not happen (it once did, but some of the larger companies that many of the other companies connect to laid down the rules that said all addresses must be unique).
> 4) If you don't intend to be routed on the global Internet, you SHOULD be required to use RFC1918 space. NOBODY should be allocated routable address space for internal, off-net use.
This is neither practical nor possible. Wave your hands all you want, but it won't happen, because RFC1918 space cannot ever hope to allow every one of these companies to have address space with which they can communicate with each other uniquely, entirely within the RFC1918 space. There are two reasons for this, and based on mail I've received from a few people, it is clear to me that a lot of people need these spelled out.

1. There is not enough space in RFC1918 to assign UNIQUE addresses to each company that interconnects with many other companies, that further interconnect with many others, and on and on.

2. Even if there was enough space, there is no one doing any administration of such space to ensure that all such assignments are sufficiently unique to ensure that every company connecting to many others will never see two or more such companies using the same part of RFC1918 space.

It seems many people still have their heads stuck in ivory towers and lack the concepts of the real world. I once did, so I know it happens. Think of these "closed Internets" as businesses conducting business with each other over the Internet, but then deciding to get guaranteed bandwidth by directly connecting to each peer, not routing to the real open Internet, and basically becoming isolated except for the fact that in many of these companies their computers (servers and desktops) can not only reach many other companies this way, but also the real open Internet. Addresses must be unique unless they are entirely internal within one company (links themselves often can be, too, but this does get messy sometimes), which is not the bulk of what this is. Likewise, name spaces also have to be unique, and the NS servers that are authoritative for them may not be reachable by you or perhaps even anyone else on the open Internet. But that doesn't mean they aren't real and being used by many different businesses.
> > been included with the request. Other ideas include limiting the number of outstanding requests per contact. If you have more than N unpaid domains, you can't register any more on that contact until you either pay up on some or delete some.
> This would be a moot effort. What is going to stop the speculators from just generating random email addresses for admin, technical and contact addresses? It is very simple to route *@domain.com to a single email box.
They probably can and probably will do this. It's not an ultimate solution, but it might quiet things down for a little while until a better solution can finally be agreed on.

--
*-----------------------------*      Phil Howard KA9WGN       *
| Inturnet, Inc.              | Director of Internet Services |
| Business Internet Solutions |       eng at intur.net        |
*-----------------------------*       phil at intur.net       *