BIND 9.2.1 and TCP

Kevin Darcy kcd at daimlerchrysler.com
Fri Nov 8 21:31:49 UTC 2002


Thomas Schulz wrote:

> In article <aqeqmu$1k9d$1 at isrv4.isc.org>,
> Kevin Darcy  <kcd at daimlerchrysler.com> wrote:
> >
> >Mark.Andrews at isc.org wrote:
> >
> >> > Cricket Liu wrote:
> >> >
> >> > > Kevin Darcy wrote:
> >> > > > Sorry, I shouldn't have assumed it was public.
> >> > > >
> >> > > > Still, it's somewhat disgusting to mix public and private addresses
> >> > > > like that, not to mention the sheer number of NS records in the
> >> > > > RRset. IMHO amd.com is in serious need of subzoning.
> >> > >
> >> > > Why is mixing routable and RFC 1918 addresses disgusting?  At
> >> > > HP, we used both net 15 and RFC 1918 addresses internally.
> >> > > I'm sure lots of companies use a mix.
> >> >
> >> > I guess we're rather disenchanted in general with RFC 1918 (ironic,
> >> > since one of the co-authors was a Chrysler guy), having gone through a
> >> > big merger, trying to get B2B stuff working over the ANX via IPSEC,
> >> > dealing with over-the-Internet VPNs, etc. The overall problems with RFC
> >> > 1918 are magnified, however, when it has been used willy-nilly with
> >> > seemingly no rhyme nor reason, so that you stumble across each landmine
> >> > one at a time...
> >> >
> >> > At least I never put any of my intranet nameservers on RFC 1918
> >> > addresses...
> >
> >>        It's more a case of people trying to use them in places they
> >>         weren't designed to be used.  If you need to connect to someone
> >>         outside of your site then you should have a globally routable
> >>         address.  If not, RFC 1918 addresses are fine for communication.
> >
> >But how do you predict what connectivity you'll need years down the
> >road? We've even moved our mainframes off of RFC 1918 addresses, and it was
> >_unthinkable_ even a few years ago that we'd allow "external" entities to
> >connect directly into them. Basically we've regretted almost every RFC 1918
> >assignment we've made. For my home network, sitting behind a Linksys NAT, I
> >have no problem using RFC 1918 addresses; but for a large, dynamic,
> >unpredictable enterprise network, I don't think I'd choose that route
> >(assuming I had a big enough publicly-routable address space)...
> >
> >- Kevin
>
> With a proper router you can use all RFC 1918 addresses and map each machine
> that should be externally accessible to a specific publicly-routable
> address.  In our case, I mapped our whole publicly-routable address space
> to a sequential range of RFC 1918 address space, but our router does not
> require that the mapping be sequential.  I could route any publicly-routable
> address to any internal address.  I can modify each mapping dynamically.
> I set it up this way when changing ISPs.  Now I can change our ISP again
> without having to change the address of any of our machines.

Well, NAT is a dirty word around here. To be perfectly honest, I think we'd
prefer to renumber our whole A class than to NAT even a single subnet.

But, we're getting pretty OT now...


- Kevin



