[ednog] RFC1918 addresses & BIND views
kcmiller at duke.edu
Fri Dec 9 15:09:42 EST 2005
> 1. Are you _routing_ RFC1918 within your AS? (For what applications are
> you using RFC1918 addresses?)
Yes. SCADA, network management, other general private network needs
(console servers, classroom control systems, etc.)
> 2. Do you provide DNS for these RFC1918 addresses?
> 3. RFC1918 states:
> "Indirect references to such [private] addresses should be contained
> within the enterprise. Prominent examples of such references are DNS
> Resource Records and other information referring to internal private
> addresses. In particular, Internet service providers should take
> measures to prevent such leakage."
> In other words, publicly-accessible DNS information should not contain A
> records (or other RRs) pointing to private address space. If you
> provide DNS, how do you deal with this issue? Is anyone out there using
> views in BIND?
Currently using a ".local" TLD. There is much debate on this subject,
and going forward I would be more inclined to use a "local" zone derived
from a "real" zone. I strongly prefer configuration of DNS servers such
that these zones aren't accessible to the wide area, rather than views.
For one, views require duplication of records that are accessible to both.
A better solution might be the ability to designate on a per-record
basis the accessibility of that record.
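
The leakage the quoted RFC 1918 passage warns about can be checked mechanically. The following is an added example, not part of the original post or of any poster's configuration: it scans the text of a publicly served zone for A records that point into RFC 1918 space. The function name, the sample zone and the `example.edu` names are constructed for illustration, and the parser assumes a simple master-file layout (numeric TTLs, no parenthesized multi-line records).

```python
import ipaddress

# The three RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLASSES = {"IN", "CH", "HS"}

def find_rfc1918_leaks(zone_text):
    """Return (line_no, owner, address) for each A record in RFC 1918 space."""
    leaks, owner = [], None
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                               # blank line or $ORIGIN/$TTL directive
        fields = line.split()
        if not line[0].isspace():                  # new owner; otherwise inherit the previous one
            owner = fields.pop(0)
        # Skip the optional TTL and class, which may appear in either order.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() != "A":
            continue                               # only A records are checked here
        try:
            addr = ipaddress.IPv4Address(fields[1])
        except ValueError:
            continue                               # malformed rdata is outside this check
        if any(addr in net for net in RFC1918):
            leaks.append((line_no, owner, str(addr)))
    return leaks

# Constructed sample of a zone served to the public Internet (all names made up).
SAMPLE_ZONE = """\
$ORIGIN example.edu.
$TTL 3600
www        IN  A     192.0.2.10
console1   IN  A     10.20.30.40      ; console server
scada-gw   300 IN A  172.16.5.1
           IN  A     192.168.1.1
edge       IN  A     172.32.0.1       ; just outside 172.16/12
mail       IN  MX    10 www
"""

if __name__ == "__main__":
    for line_no, owner, addr in find_rfc1918_leaks(SAMPLE_ZONE):
        print(f"line {line_no}: {owner} -> {addr} (RFC 1918)")
```

Running the same check against the output of a zone transfer from the externally reachable server, rather than the source file, tests what outside resolvers can actually see.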