mirror of
https://github.com/google/nomulus
synced 2026-06-09 16:33:02 +00:00
6a47287da7
Reject loopback, link-local, site-local, wildcard, and multicast IP addresses during host creation and update flows.

Glue records (A/AAAA records published in the parent zone for subordinate name servers) must point to globally routable, public IP addresses to ensure that recursive DNS resolvers on the public internet can reach the authoritative name servers.

Using non-public or non-routable IP addresses in glue records is invalid for the following reasons:

- Loopback (127.0.0.1, ::1) and Any-Local (0.0.0.0, ::) addresses point back to the client or are unspecified, causing resolvers to query themselves and fail.
- Private/Site-Local (e.g., 10.0.0.0/8, 192.168.0.0/16) and Link-Local (169.254.0.0/16) addresses are not routable on the public internet, rendering the delegated domain completely unreachable to external clients.
- Multicast addresses are designed for one-to-many delivery and cannot be used for standard unicast DNS queries to a specific name server.

Rename LoopbackIpNotValidForHostException to IpAddressNotRoutableException to reflect the broader set of forbidden non-routable IP addresses.
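
The five categories named in the commit message map onto predicates of the JDK's `java.net.InetAddress`. The sketch below is an added example, not code from the Nomulus commit: the names `GlueAddressCheck` and `rejectionReason` and the sample addresses are constructed, and that the project relies on these same predicates is an assumption.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import java.util.Optional;

/** Added illustration (not Nomulus code): classify candidate glue addresses. */
public class GlueAddressCheck {

  /**
   * Returns why an address is unusable as glue, or empty if none of the five
   * categories from the commit message applies. Hypothetical helper.
   */
  static Optional<String> rejectionReason(InetAddress addr) {
    if (addr.isAnyLocalAddress()) return Optional.of("wildcard (any-local)");
    if (addr.isLoopbackAddress()) return Optional.of("loopback");
    if (addr.isLinkLocalAddress()) return Optional.of("link-local");
    if (addr.isSiteLocalAddress()) return Optional.of("site-local");
    if (addr.isMulticastAddress()) return Optional.of("multicast");
    return Optional.empty();
  }

  public static void main(String[] args) throws UnknownHostException {
    // Constructed sample input. Every entry is an IP literal, so
    // InetAddress.getByName() parses it without performing a DNS lookup.
    List<String> samples = List.of(
        "127.0.0.1", "::1",            // loopback
        "0.0.0.0", "::",               // any-local
        "10.1.2.3", "192.168.0.5",     // IPv4 private ranges
        "169.254.10.1", "fe80::1",     // link-local
        "224.0.0.251", "ff02::1",      // multicast
        "192.0.2.53", "2001:db8::53",  // documentation ranges
        "fd00::1");                    // IPv6 unique local (fc00::/7)

    for (String literal : samples) {
      InetAddress addr = InetAddress.getByName(literal);
      String verdict =
          rejectionReason(addr).map(r -> "REJECT: " + r).orElse("accept");
      System.out.printf("%-14s %s%n", literal, verdict);
    }
  }
}
```

For IPv6, `isSiteLocalAddress()` matches only the deprecated `fec0::/10` prefix, so unique local addresses (`fc00::/7`) and the documentation ranges are not flagged by these five predicates and need separate range checks if they must be refused.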