[ednog] RFC1918 addresses & BIND views

Kevin Miller kcmiller at duke.edu
Fri Dec 9 15:09:42 EST 2005


Good questions.

> 1. Are you _routing_ RFC1918 within your AS?  (For what applications are
> you using RFC1918 addresses?)

Yes. SCADA, network management, other general private network needs 
(console servers, classroom control systems, etc.)

> 2. Do you provide DNS for these RFC1918 addresses?

Yes

> 3. RFC1918 states:
> 
> "Indirect references to such [private] addresses should be contained
> within the enterprise. Prominent examples of such references are DNS
> Resource Records and other information referring to internal private
> addresses. In particular, Internet service providers should take
> measures to prevent such leakage."
> 
> In other words, publicly-accessible DNS information should not contain A 
> records (or other RRs) pointing to private address space.  If you 
> provide DNS, how do you deal with this issue?  Is anyone out there using 
> views in BIND?

Currently using a ".local" TLD. There is much debate on this subject, 
and going forward I would be more inclined to use a "local" zone derived 
from a "real" zone. I strongly prefer configuration of DNS servers such 
that these zones aren't accessible to the wide area, rather than views. 
For one, views require duplication of records that are accessible to both.

A better solution might be the ability to designate on a per-record 
basis the accessibility of that record.

-Kevin
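
[Added example, not part of the original message or of any poster's configuration.] Whichever approach is used (a separate internal-only zone or BIND views), the zone data that is served publicly can be audited for the leakage question 3 describes. The sketch below flags A records and in-addr.arpa PTR owners that fall in RFC1918 space; the zone name, hostnames and addresses are constructed, and it assumes one record per line with an explicit owner name.

```python
import ipaddress
import re

# The three RFC 1918 blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a publicly served zone (all names/addresses made up).
SAMPLE_ZONE = """\
$ORIGIN example.edu.
$TTL 3600
www        IN A     192.0.2.10
console1   IN A     10.20.30.40        ; console server
scada-gw   300 IN A 172.20.1.5
mx         IN A     198.51.100.25
edge       IN A     172.32.0.1         ; just outside 172.16/12
5.1.168.192.in-addr.arpa. IN PTR classroom.example.edu.
"""

def is_private(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def ptr_owner_to_ip(owner):
    """Map a full in-addr.arpa owner name to its IPv4 address, else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa\.?", owner, re.I)
    return ".".join(reversed(m.groups())) if m else None

def find_leaks(zone_text):
    """Return (line_no, owner, type, address) for records exposing RFC 1918 space."""
    leaks = []
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):     # skip blanks and directives
            continue
        fields = line.split()
        upper = [f.upper() for f in fields]
        if "A" in upper[1:]:                     # skip field 0: owner may be "a"
            addr = fields[upper.index("A", 1) + 1]
            if is_private(addr):
                leaks.append((no, fields[0], "A", addr))
        elif "PTR" in upper[1:]:
            addr = ptr_owner_to_ip(fields[0])
            if addr and is_private(addr):
                leaks.append((no, fields[0], "PTR", addr))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_ZONE):
        print("line %d: %s %s -> %s" % leak)
```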

