On Mon, 7 Dec 2015, Lennart Poettering wrote:
Hmm? If I work for a company "Foo Corp" that defined .foocorp as its private TLD, then I won't be able to access servers in that local network until I added .foocorp to a local whitelist
Foo Corp should not have done that. If you had picked .hotel or .pizza you would have noticed this already. If you had picked .corp you would soon find your domain blackholed at AS112. Basically, you got away with domain squatting but with DNSSEC this has become indistinguishable from a DNS attack. With DNSSEC validation moving towards to stub, it will just fail. Move your own domains within one of your real legitimate domains, and you have the freedom to do whatever you want. Start moving away from split DNS because that's going to be very hard to support. Paul -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
