North American Network Operators Group

Re: Incompetence abounds at the InterNIC

  • From: Phil Howard
  • Date: Wed Jan 20 11:42:52 1999

John Fraizer wrote:

> 1) You should have domain servers for ANY domain you register that live in
> NON-RFC1918 space.  Otherwise, Why register the domain at all?  If it's for
> use behind the firewall, why not use or  You
> say "Because they want to receive email at the domain!"  Well, to receive
> email, the rest of the world has to be able to find the mx records and to
> do that, your domain servers have to live in NON-RFC space and we have now
> completely and totally blown your first point out of the water and made it,
> in your own words, "moot."

You have totally missed the concept that businesses can connect to other
businesses which connect other businesses and so on, and conduct network
protocols using the TCP/IP suite, just as if it were an Internet, but in
fact is highly isolated and segmented.  Any ONE company in it may only be
able to reach those companies they connected directly to, but the other
companies reach many more companies.

Using RFC1918 space for this won't work because there has to be some kind
of administration of the space to ensure enough uniqueness that no two
companies that are visible to any one company have the same addressing.
There can be only one such administration of any practicality even though
this "closed Internet" is chopped into isolated segments.

Further, many companies with these networks also allow direct access to
the real open Internet.  That means for sure that addresses in use on the
open Internet cannot be duplicated anywhere else.  So the allocation of
space within the closed network has to be unique even compared to the
open Internet.

So it makes sense that every company connecting this way must obtain their
own unique address space.

> 2) DNS servers that are behind a firewall are useless in the context you
> describe above.

Not true.  The DNS servers exist and are used by many of these companies.
Only those companies that need to use them can reach them.

> 3) You should NEVER pick random addresses.  Please refer to RFC1918.

Agreed.  And this does not happen (it once did, but some of the larger
companies that many of the other companies connect to laid down the rules
that said all addresses must be unique).

> 4) If you don't intend to be routed on the global internet, you SHOULD be
> required to use RFC1918 space.  NOBODY should be allocated routable address
> space for internal, off-net use.

This is neither practical nor possible.  Wave your hands all you want, but
it won't happen because RFC1918 space cannot ever hope to allow every one
of these companies to have address space that they can communicate with
each other uniquely, entirely within the RFC1918 space.  There are two
reasons for this and based on mail I've received from a few people, it is
clear to me that a lot of people need these spelled out.

1.  There is not enough space in RFC1918 to assign UNIQUE addresses to each
    company that interconnects with many other companies, that further
    interconnect with many others, and on and on.

2.  Even if there was enough space, there is no one doing any administration
    of such space to ensure that all such assignments are sufficiently unique
    to ensure that every company connecting to many others will never see
    two or more such companies using the same part of RFC1918 space.

It seems many people still have their heads stuck in ivory towers and lack
the concepts of the real world.  I once did, so I know it happens.

Think of these "closed Internets" as businesses conducting business with
each other over the Internet, but then deciding to get guaranteed bandwidth
by directly connecting to each peer, not routing to the real open Internet,
and basically becoming isolated except for the fact that in many of these
companies their computers (servers and desktops) can not only reach many
other companies this way, but also the real open Internet.

Addresses must be unique unless they are entirely internal (links themselves
often can be, too, but this does get messy sometimes) within one company,
which is not the bulk of what this is.

Likewise, name spaces also have to be unique, and the NS servers that are
authority for them may not be reachable by you or perhaps even anyone else
on the open Internet.  But that doesn't mean they aren't real and being
used by many different businesses.

> >been included with the request.  Other ideas include limiting the number
> >of outstanding requests per contact.  If you have more than N unpaid
> >domains, you can't register any more on that contact until you either
> >pay up on some or delete some.
> This would be a moot effort.  What is going to stop the speculators from
> just generating random email addresses for admin, technical and contact
> addresses.  It is very simple to route * to a single email box.

They probably can and probably will do this.  It's not an ultimate solution
but it might quiet things down for a little while until a better solution can
finally be agreed on.

 --    *-----------------------------*      Phil Howard KA9WGN       *    --
  --   | Inturnet, Inc.              | Director of Internet Services |   --
   --  | Business Internet Solutions |       eng at        |  --
    -- *-----------------------------*      phil at        * --
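
The uniqueness requirement argued in the message above (no two companies visible to any one company may share addressing), as an added example that is not part of the original message: a Python check over a constructed set of private partner links. Company names, prefixes and function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: each company's prefixes and its direct private
# links to partners. All names and prefixes here are hypothetical.
PREFIXES = {
    "A": ["10.1.0.0/16"],
    "B": ["10.2.0.0/16"],
    "C": ["10.1.128.0/17"],    # picked independently, lands inside A's range
    "D": ["198.51.100.0/24"],  # stand-in for registered, unique space
}
LINKS = [("A", "B"), ("B", "C"), ("B", "D")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def visible_from(company, links):
    """The company itself plus every partner it is directly connected to."""
    seen = {company}
    for a, b in links:
        if a == company:
            seen.add(b)
        elif b == company:
            seen.add(a)
    return seen


def collisions(prefixes, links):
    """Map each company to the overlapping prefix pairs, owned by different
    companies, among the networks that company can see."""
    result = {}
    for company in sorted(prefixes):
        nets = [(owner, ipaddress.ip_network(p))
                for owner in sorted(visible_from(company, links))
                for p in prefixes[owner]]
        clashes = [(o1, str(n1), o2, str(n2))
                   for (o1, n1), (o2, n2) in combinations(nets, 2)
                   if o1 != o2 and n1.overlaps(n2)]
        if clashes:
            result[company] = clashes
    return result


def rfc1918_users(prefixes):
    """Owners numbered out of RFC1918 space, which has no registry behind it."""
    return sorted(o for o, ps in prefixes.items()
                  if any(ipaddress.ip_network(p).subnet_of(r)
                         for p in ps for r in RFC1918))
```

A and C are not connected to each other and neither sees a problem; only B, which links to both, ends up with two routes for the same addresses.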