idnits 2.17.1 draft-ietf-dnsop-default-local-zones-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 22, 2010) is 4966 days in the past. Is this intentional? Checking references for intended status: Best Current Practice ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) == Outdated reference: A later version (-09) exists of draft-ietf-dnsop-as112-ops-04 == Outdated reference: A later version (-06) exists of draft-ietf-dnsop-as112-under-attack-help-help-04 -- Obsolete informational reference (is this intentional?): RFC 5735 (Obsoleted by RFC 6890) Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M. Andrews 3 Internet-Draft ISC 4 Intended status: BCP September 22, 2010 5 Expires: March 26, 2011 7 Locally-served DNS Zones 8 draft-ietf-dnsop-default-local-zones-14 10 Abstract 12 Experience with the Domain Name System (DNS) has shown that there are 13 a number of DNS zones all iterative resolvers and recursive 14 nameservers should automatically serve, unless configured otherwise. 15 RFC 4193 specifies that this should occur for D.F.IP6.ARPA. This 16 document extends the practice to cover the IN-ADDR.ARPA zones for RFC 17 1918 address space and other well known zones with similar 18 characteristics. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on March 26, 2011. 37 Copyright Notice 39 Copyright (c) 2010 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 This document may contain material from IETF Documents or IETF 53 Contributions published or made publicly available before November 54 10, 2008. The person(s) controlling the copyright in some of this 55 material may not have granted the IETF Trust the right to allow 56 modifications of such material outside the IETF Standards Process. 57 Without obtaining an adequate license from the person(s) controlling 58 the copyright in such materials, this document may not be modified 59 outside the IETF Standards Process, and derivative works of it may 60 not be created outside the IETF Standards Process, except to format 61 it for publication as an RFC or to translate it into languages other 62 than English. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 67 1.1. Reserved Words . . . . . . . . . . . . . . . . . . . . . . 4 68 2. Effects on sites using RFC 1918 addresses. . . . . . . . . . . 5 69 3. Changes to Iterative Resolver Behaviour. . . . . . . . . . . . 5 70 4. Lists Of Zones Covered . . . . . . . . . . . . . . . . . . . . 6 71 4.1. RFC1918 Zones . . . . . . . . . . . . . . . . . . . . . . 6 72 4.2. RFC5735 and RFC5737 Zones . . . . . . . . . . . . . . . . 7 73 4.3. Local IPv6 Unicast Addresses . . . . . . . . . . . . . . . 7 74 4.4. IPv6 Locally Assigned Local Addresses . . . . . . . . . . 8 75 4.5. IPv6 Link Local Addresses . . . . . . . . . . . . . . . . 8 76 4.6. IPv6 Example Prefix . . . . . . . . . . . . . . . . . . . 8 77 5. Zones that are Out-Of-Scope . . . . . . . . . . . . . . . . . 8 78 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 79 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 80 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 81 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 82 9.1. Normative References . . . . . . . . . . . . . . . . . . . 10 83 9.2. Informative References . . . . . . . . . . . . . . . . . . 11 84 Appendix A. Change History [To Be Removed on Publication] . . . . 11 85 A.1. draft-ietf-dnsop-default-local-zones-14.txt . . . . . . . 12 86 A.2. draft-ietf-dnsop-default-local-zones-13.txt . . . . . . . 12 87 A.3. draft-ietf-dnsop-default-local-zones-12.txt . . . . . . . 12 88 A.4. draft-ietf-dnsop-default-local-zones-11.txt . . . . . . . 12 89 A.5. draft-ietf-dnsop-default-local-zones-10.txt . . . . . . . 12 90 A.6. draft-ietf-dnsop-default-local-zones-09.txt . . . . . . . 12 91 A.7. draft-ietf-dnsop-default-local-zones-08.txt . . . . . . . 12 92 A.8. draft-ietf-dnsop-default-local-zones-07.txt . . . . . . . 12 93 A.9. draft-ietf-dnsop-default-local-zones-06.txt . . . . . . . 12 94 A.10. draft-ietf-dnsop-default-local-zones-05.txt . . . . . . . 12 95 A.11. draft-ietf-dnsop-default-local-zones-04.txt . . . . . . . 12 96 A.12. draft-ietf-dnsop-default-local-zones-03.txt . . . . . . . 13 97 A.13. draft-ietf-dnsop-default-local-zones-02.txt . . . . . . . 13 98 A.14. draft-ietf-dnsop-default-local-zones-01.txt . . . . . . . 13 99 A.15. draft-ietf-dnsop-default-local-zones-00.txt . . . . . . . 13 100 A.16. draft-andrews-full-service-resolvers-03.txt . . . . . . . 13 101 A.17. draft-andrews-full-service-resolvers-02.txt . . . . . . . 13 102 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 13 104 1. Introduction 106 Experience with the Domain Name System (DNS, [RFC1034] and [RFC1035]) 107 has shown that there are a number of DNS zones that all iterative 108 resolvers and recursive nameservers SHOULD automatically serve, 109 unless intentionally configured otherwise. These zones include, but 110 are not limited to, the IN-ADDR.ARPA zones for the address space 111 allocated by [RFC1918] and the IP6.ARPA zones for locally assigned 112 unique local IPv6 addresses defined in [RFC4193]. 114 This recommendation is made because data has shown that significant 115 leakage of queries for these name spaces is occurring, despite 116 instructions to restrict them, and because it has therefore become 117 necessary to deploy sacrificial name servers to protect the immediate 118 parent name servers for these zones from excessive, unintentional, 119 query load [AS112] [I-D.draft-ietf-dnsop-as112-ops] 120 [I-D.draft-ietf-dnsop-as112-under-attack-help-help]. There is every 121 expectation that the query load will continue to increase unless 122 steps are taken as outlined here. 124 Additionally, queries from clients behind badly configured firewalls 125 that allow outgoing queries for these name spaces but drop the 126 responses, put a significant load on the root servers (forward but no 127 reverse zones configured). They also cause operational load for the 128 root server operators as they have to reply to enquiries about why 129 the root servers are "attacking" these clients. Changing the default 130 configuration will address all these issues for the zones listed in 131 Section 4. 133 [RFC4193] recommends that queries for D.F.IP6.ARPA be handled 134 locally. This document extends the recommendation to cover the IN- 135 ADDR.ARPA zones for [RFC1918] and other well known IN-ADDR.ARPA and 136 IP6.ARPA zones for which queries should not appear on the public 137 Internet. 139 It is hoped that by doing this the number of sacrificial servers 140 [AS112] will not have to be increased, and may in time be reduced. 142 This recommendation should also help DNS responsiveness for sites 143 which are using [RFC1918] addresses but do not follow the last 144 paragraph in Section 3 of [RFC1918]. 146 1.1. Reserved Words 148 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 149 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 150 document are to be interpreted as described in [RFC2119]. 152 2. Effects on sites using RFC 1918 addresses. 154 For most sites using [RFC1918] addresses, the changes here will have 155 little or no detrimental effect. If the site does not already have 156 the reverse tree populated the only effect will be that the name 157 error responses will be generated locally rather than remotely. 159 For sites that do have the reverse tree populated, most will either 160 have a local copy of the zones or will be forwarding the queries to 161 servers which have local copies of the zone. Therefore this 162 recommendation will not be relevant. 164 The most significant impact will be felt at sites that make use of 165 delegations for [RFC1918] addresses and have populated these zones. 166 These sites will need to override the default configuration expressed 167 in this document to allow resolution to continue. Typically, such 168 sites will be fully disconnected from the Internet and have their own 169 root servers for their own non-Internet DNS tree. 171 3. Changes to Iterative Resolver Behaviour. 173 Unless configured otherwise, an iterative resolver will now return 174 authoritatively (aa=1) name errors (RCODE=3) for queries within the 175 zones in Section 4, with the obvious exception of queries for the 176 zone name itself where SOA, NS and "no data" responses will be 177 returned as appropriate to the query type. One common way to do this 178 all at once is to serve empty (SOA and NS only) zones. 180 An implementation of this recommendation MUST provide a mechanism to 181 disable this new behaviour, and SHOULD allow this decision on a zone 182 by zone basis. 184 If using empty zones one SHOULD NOT use the same NS and SOA records 185 as used on the public Internet servers as that will make it harder to 186 detect the origin of the responses and thus any leakage to the public 187 Internet servers. This document recommends that the NS record 188 defaults to the name of the zone and the SOA MNAME defaults to the 189 name of the only NS RR's target. The SOA RNAME should default to 190 "nobody.invalid." [RFC2606]. Implementations SHOULD provide a 191 mechanism to set these values. No address records need to be 192 provided for the name server. 194 Below is an example of a generic empty zone in master file format. 195 It will produce a negative cache TTL of 3 hours. 197 @ 10800 IN SOA @ nobody.invalid. 1 3600 1200 604800 10800 198 @ 10800 IN NS @ 199 The SOA RR is needed to support negative caching [RFC2308] of name 200 error responses and to point clients to the primary master for DNS 201 dynamic updates. 203 SOA values of particular importance are the MNAME, the SOA RR's TTL 204 and the negTTL value. Both TTL values SHOULD match. The rest of the 205 SOA timer values MAY be chosen arbitrarily since they are not 206 intended to control any zone transfer activity. 208 The NS RR is needed as some UPDATE [RFC2136] clients use NS queries 209 to discover the zone to be updated. Having no address records for 210 the name server is expected to abort UPDATE processing in the client. 212 4. Lists Of Zones Covered 214 The following subsections are intended to seed the IANA registry as 215 requested in the IANA Considerations Section. Following the caveat 216 in that section, the list contains only reverse zones corresponding 217 to permanently assigned address space. The zone name is the entity 218 to be registered. 220 4.1. RFC1918 Zones 222 The following zones correspond to the IPv4 address space reserved in 223 [RFC1918]. 225 +----------------------+ 226 | Zone | 227 +----------------------+ 228 | 10.IN-ADDR.ARPA | 229 | 16.172.IN-ADDR.ARPA | 230 | 17.172.IN-ADDR.ARPA | 231 | 18.172.IN-ADDR.ARPA | 232 | 19.172.IN-ADDR.ARPA | 233 | 20.172.IN-ADDR.ARPA | 234 | 21.172.IN-ADDR.ARPA | 235 | 22.172.IN-ADDR.ARPA | 236 | 23.172.IN-ADDR.ARPA | 237 | 24.172.IN-ADDR.ARPA | 238 | 25.172.IN-ADDR.ARPA | 239 | 26.172.IN-ADDR.ARPA | 240 | 27.172.IN-ADDR.ARPA | 241 | 28.172.IN-ADDR.ARPA | 242 | 29.172.IN-ADDR.ARPA | 243 | 30.172.IN-ADDR.ARPA | 244 | 31.172.IN-ADDR.ARPA | 245 | 168.192.IN-ADDR.ARPA | 246 +----------------------+ 248 4.2. RFC5735 and RFC5737 Zones 250 The following zones correspond to those address ranges from [RFC5735] 251 and [RFC5737] that are not expected to appear as source or 252 destination addresses on the public Internet and to not have a unique 253 name to associate with. 255 The recommendation to serve an empty zone 127.IN-ADDR.ARPA is not a 256 attempt to discourage any practice to provide a PTR RR for 257 1.0.0.127.IN-ADDR.ARPA locally. In fact, a meaningful reverse 258 mapping should exist, but the exact setup is out of the scope of this 259 document. Similar logic applies to the reverse mapping for ::1 260 (Section 4.3). The recommendations made here simply assume no other 261 coverage for these domains exists. 263 +------------------------------+------------------------+ 264 | Zone | Description | 265 +------------------------------+------------------------+ 266 | 0.IN-ADDR.ARPA | IPv4 "THIS" NETWORK | 267 | 127.IN-ADDR.ARPA | IPv4 LOOP-BACK NETWORK | 268 | 254.169.IN-ADDR.ARPA | IPv4 LINK LOCAL | 269 | 2.0.192.IN-ADDR.ARPA | IPv4 TEST NET 1 | 270 | 100.51.198.IN-ADDR.ARPA | IPv4 TEST NET 2 | 271 | 113.0.203.IN-ADDR.ARPA | IPv4 TEST NET 3 | 272 | 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST | 273 +------------------------------+------------------------+ 275 4.3. Local IPv6 Unicast Addresses 277 The reverse mappings ([RFC3596], Section 2.5 IP6.ARPA Domain) for the 278 IPv6 Unspecified (::) and Loopback (::1) addresses ([RFC4291], 279 Sections 2.4, 2.5.2 and 2.5.3) are covered by these two zones: 281 +-------------------------------------------+ 282 | Zone | 283 +-------------------------------------------+ 284 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ | 285 | 0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA | 286 | 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ | 287 | 0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA | 288 +-------------------------------------------+ 290 Note: Line breaks and a escapes '\' have been inserted above for 291 readability and to adhere to line width constraints. They are not 292 parts of the zone names. 294 4.4. IPv6 Locally Assigned Local Addresses 296 Section 4.4 of [RFC4193] already required special treatment of: 298 +--------------+ 299 | Zone | 300 +--------------+ 301 | D.F.IP6.ARPA | 302 +--------------+ 304 4.5. IPv6 Link Local Addresses 306 IPv6 Link-Local Addresses as of [RFC4291], Section 2.5.6 are covered 307 by four distinct reverse DNS zones: 309 +----------------+ 310 | Zone | 311 +----------------+ 312 | 8.E.F.IP6.ARPA | 313 | 9.E.F.IP6.ARPA | 314 | A.E.F.IP6.ARPA | 315 | B.E.F.IP6.ARPA | 316 +----------------+ 318 4.6. IPv6 Example Prefix 320 IPv6 example prefix [RFC3849]. 322 +--------------------------+ 323 | Zone | 324 +--------------------------+ 325 | 8.B.D.0.1.0.0.2.IP6.ARPA | 326 +--------------------------+ 328 Note: 8.B.D.0.1.0.0.2.IP6.ARPA is not being used as an example here. 330 5. Zones that are Out-Of-Scope 332 IPv6 site-local addresses (deprecated, see [RFC4291] Sections 2.4 and 333 2.5.7), and IPv6 Non-Locally Assigned Local addresses ([RFC4193]) are 334 not covered here. 336 It is expected that IPv6 site-local addresses will be self correcting 337 as IPv6 implementations remove support for site-local addresses. 338 However, sacrificial servers for the zones C.E.F.IP6.ARPA through 339 F.E.F.IP6.ARPA may still need to be deployed in the short term if the 340 traffic becomes excessive. 342 For IPv6 Non-Locally Assigned Local addresses (L = 0) [RFC4193], 343 there has been no decision made about whether the Regional Internet 344 Registries (RIRs) will provide delegations in this space or not. If 345 they don't, then C.F.IP6.ARPA will need to be added to the list in 346 Section 4.4. If they do, then registries will need to take steps to 347 ensure that name servers are provided for these addresses. 349 IP6.INT was once used to provide reverse mapping for IPv6. IP6.INT 350 was deprecated in [RFC4159] and the delegation removed from the INT 351 zone in June 2006. While it is possible that legacy software 352 continues to send queries for names under the IP6.INT domain, this 353 document does not specify that IP6.INT be considered a local zone. 355 This document has also deliberately ignored names immediately under 356 the root domain. While there is a subset of queries to the root name 357 servers which could be addressed using the techniques described here 358 (e.g. .local, .workgroup and IPv4 addresses), there is also a vast 359 amount of traffic that requires a different strategy (e.g. lookups 360 for unqualified hostnames, IPv6 addresses). 362 6. IANA Considerations 364 This document requests that IANA establish a registry of zones which 365 require this default behaviour. The initial contents of this 366 registry are defined in Section 4. Implementors are encouraged to 367 periodically check this registry and adjust their implementations to 368 reflect changes therein. 370 This registry can be amended through "IETF Review" as per [RFC5226]. 371 As part of this review process it should be noted that once a zone is 372 added it is effectively added permanently; once an address range 373 starts being configured as a local zone in systems on the Internet, 374 it will be impossible to reverse those changes. 376 IANA should co-ordinate with the RIRs to ensure that, as DNSSEC is 377 deployed in the reverse tree, delegations for these zones are made in 378 the manner described in Section 7. 380 7. Security Considerations 382 During the initial deployment phase, particularly where [RFC1918] 383 addresses are in use, there may be some clients that unexpectedly 384 receive a name error rather than a PTR record. This may cause some 385 service disruption until their recursive name server(s) have been re- 386 configured. 388 As DNSSEC is deployed within the IN-ADDR.ARPA and IP6.ARPA 389 namespaces, the zones listed above will need to be delegated as 390 insecure delegations, or be within insecure zones. This will allow 391 DNSSEC validation to succeed for queries in these spaces despite not 392 being answered from the delegated servers. 394 It is recommended that sites actively using these namespaces secure 395 them using DNSSEC [RFC4035] by publishing and using DNSSEC trust 396 anchors. This will protect the clients from accidental import of 397 unsigned responses from the Internet. 399 8. Acknowledgements 401 This work was supported by the US National Science Foundation 402 (research grant SCI-0427144) and DNS-OARC. 404 9. References 406 9.1. Normative References 408 [RFC1034] Mockapetris, P., "DOMAIN NAMES - CONCEPTS AND FACILITIES", 409 STD 13, RFC 1034, November 1987. 411 [RFC1035] Mockapetris, P., "DOMAIN NAMES - IMPLEMENTATION AND 412 SPECIFICATION", STD 13, RFC 1035, November 1987. 414 [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., 415 and E. Lear, "Address Allocation for Private Internets", 416 BCP 5, RFC 1918, February 1996. 418 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 419 Requirement Levels", BCP 14, RFC 2119, March 1997. 421 [RFC2136] Vixie, P., Thomson, A., Rekhter, Y., and J. Bound, 422 "Dynamic Updates in the Domain Name System (DNS UPDATE)", 423 RFC 2136, April 1997. 425 [RFC2308] Andrews, M., "Negative Caching of DNS Queries (DNS 426 NCACHE)", RFC 2308, March 1998. 428 [RFC2606] Eastlake, D. and A. Panitz, "Reserved Top Level DNS 429 Names", BCP 32, RFC 2606, June 1999. 431 [RFC3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, 432 "DNS Extensions to Support IPv6", RFC 3596, October 2003. 434 [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. 435 Rose, "Protocol Modifications for the DNS Security 436 Extensions", RFC 4035, March 2005. 438 [RFC4159] Huston, G., "Deprecation of "ip6.int"", BCP 109, RFC 4159, 439 August 2005. 441 [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast 442 Addresses", RFC 4193, October 2005. 444 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 445 Architecture", RFC 4291, February 2006. 447 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 448 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 449 October 2008. 451 9.2. Informative References 453 [AS112] "AS112 Project", . 455 [I-D.draft-ietf-dnsop-as112-ops] 456 Abley, J. and W. Maton, "AS112 Nameserver Operations", 457 draft-ietf-dnsop-as112-ops-04 (work in progress), 458 July 2010. 460 [I-D.draft-ietf-dnsop-as112-under-attack-help-help] 461 Abley, J. and W. Maton, "I'm Being Attacked by 462 PRISONER.IANA.ORG!", 463 draft-ietf-dnsop-as112-under-attack-help-help-04 (work in 464 progress), July 2010. 466 [RFC3849] Huston, G., Lord, A., and P. Smith, "IPv6 Address Prefix 467 Reserved for Documentation", RFC 3849, July 2004. 469 [RFC5735] Cotton, M. and L. Vergoda, "Special-Use IPv4 Addresses", 470 RFC 5735, January 2010. 472 [RFC5737] Arkko, J., Cotton, M., and L. Vergoda, "IPv4 Address 473 Blocks Reserved for Documentation", RFC 5737, 474 January 2010. 476 Appendix A. Change History [To Be Removed on Publication] 477 A.1. draft-ietf-dnsop-default-local-zones-14.txt 479 Removed ORCHID prefix. 481 A.2. draft-ietf-dnsop-default-local-zones-13.txt 483 Inclusion of ORCHID prefix. 485 reference updates. 487 A.3. draft-ietf-dnsop-default-local-zones-12.txt 489 Update IP6.INT's non inclusion rational. 491 Removed Appendix B, which requested BCP status, as it was redundant. 493 A.4. draft-ietf-dnsop-default-local-zones-11.txt 495 Change RFC 3330 to RFC 5735 497 A.5. draft-ietf-dnsop-default-local-zones-10.txt 499 added RFC 5737 zones 501 A.6. draft-ietf-dnsop-default-local-zones-09.txt 503 refresh awaiting writeup 505 A.7. draft-ietf-dnsop-default-local-zones-08.txt 507 editorial, reference updates 509 A.8. draft-ietf-dnsop-default-local-zones-07.txt 511 none, expiry prevention 513 A.9. draft-ietf-dnsop-default-local-zones-06.txt 515 add IPv6 example prefix 517 A.10. draft-ietf-dnsop-default-local-zones-05.txt 519 none, expiry prevention 521 A.11. draft-ietf-dnsop-default-local-zones-04.txt 523 Centrally Assigned Local addresses -> Non-Locally Assigned Local 524 address 526 A.12. draft-ietf-dnsop-default-local-zones-03.txt 528 expanded section 4 descriptions 530 Added references [RFC2136], [RFC3596], 531 [I-D.draft-ietf-dnsop-as112-ops] and 532 [I-D.draft-ietf-dnsop-as112-under-attack-help-help]. 534 Revised language. 536 A.13. draft-ietf-dnsop-default-local-zones-02.txt 538 RNAME now "nobody.invalid." 540 Revised language. 542 A.14. draft-ietf-dnsop-default-local-zones-01.txt 544 Revised impact description. 546 Updated to reflect change in IP6.INT status. 548 A.15. draft-ietf-dnsop-default-local-zones-00.txt 550 Adopted by DNSOP. 552 "Author's Note" re-titled "Zones that are Out-Of-Scope" 554 Add note that these zone are expected to seed the IANA registry. 556 Title changed. 558 A.16. draft-andrews-full-service-resolvers-03.txt 560 Added "Proposed Status". 562 A.17. draft-andrews-full-service-resolvers-02.txt 564 Added 0.IN-ADDR.ARPA. 566 Author's Address 568 Mark P. Andrews 569 Internet Systems Consortium 570 950 Charter Street 571 Redwood City, CA 94063 572 US 574 Email: marka@isc.org