BIND 9.2.1 and TCP

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 7 22:42:52 UTC 2002


Mark.Andrews at isc.org wrote:

> >
> > Cricket Liu wrote:
> >
> > > Kevin Darcy wrote:
> > > > Sorry, I shouldn't have assumed it was public.
> > > >
> > > > Still, it's somewhat disgusting to mix public and private addresses
> > > > like that, not to mention the sheer number of NS records in the
> > > > RRset. IMHO amd.com is in serious need of subzoning.
> > >
> > > Why is mixing routable and RFC 1918 addresses disgusting?  At
> > > HP, we used both net 15 and RFC 1918 addresses internally.
> > > I'm sure lots of companies use a mix.
> >
> > I guess we're rather disenchanted in general with RFC 1918 (ironic,
> > since one of the co-authors was a Chrysler guy), having gone through a
> > big merger, trying to get B2B stuff working over the ANX via IPSEC,
> > dealing with over-the-Internet VPNs, etc. The overall problems with RFC
> > 1918 are magnified, however, when it has been used willy-nilly with
> > seemingly no rhyme nor reason, so that you stumble across each landmine
> > one at a time...
> >
> > At least I never put any of my intranet nameservers on RFC 1918
> > addresses...
> >

> It's more a case of people trying to use them in places they
> weren't designed to be used.  If you need to connect to someone
> outside of your site then you should have a globally routable
> address.  If not, RFC 1918 addresses are fine for communication.

But how do you predict what connectivity you'll need years down the
road? We've even moved our mainframes off of RFC 1918 addresses, and it was
_unthinkable_ even a few years ago that we'd allow "external" entities to
connect directly into them. Basically we've regretted almost every RFC 1918
assignment we've made. For my home network, sitting behind a Linksys NAT, I
have no problem using RFC 1918 addresses; but for a large, dynamic,
unpredictable enterprise network, I don't think I'd choose that route
(assuming I had a big enough publicly-routable address space)...


- Kevin



