Looking for way to mark a zone no-xfer for a sub-domain .
Bill Manning
bmanning at ISI.EDU
Sat Sep 9 10:54:01 UTC 2000
% > > Georgi> Is using of rfc1918 addresses together with
% > > Georgi> real IP in zone file prohibited?
% > >
% > > No. Why would it be? RFC1918 addresses are valid IP addresses.
% >
% > The obvious exception here is NS records for delegation hints. You really
% > should not use 1918 addresses to point to authoritative servers for a
% > zone, since external resolvers will never go to the right server.
% >
% > MX records can also have problems in those cases where the MX list
% > includes 1918 addresses which are also valid mail systems on the remote
% > network. If a remote mailer tries sending to a 1918 address and delivery
% > to a local server succeeds (due to overlapping addresses), the mail may
% > not get delivered if the mailer decides there's a configuration error.
%
% These are perfectly valid. When used within the private internet.
% Obviously, it is their use on the public Internet that is a problem.
%
% Go with split DNS, already. Jim Reid's first answer was definitive.
The kicker is that RFC 1918 addresses in email headers
are -NOT- filtered by NATs/Firewalls and so escape into
the Internet. They ought to be re-written at the ALG.
--
--bill
More information about the bind-users
mailing list