Public and Private A Records in a Forward Zone

Martin McCormick martin at dc.cis.okstate.edu
Sat Jan 15 02:12:00 UTC 2005


	We delegated a zone for an Active Directory operation on our
campus about a year ago and I was looking at their zone recently.  It
has normal public IP-space A records in it but also hundreds of A
records that have private IP-space addresses.

	I asked the DNS administrator for that zone what these were
for and he explained that they were mostly for one of our remote
campuses.

	I have been telling anybody who will listen that this is a
very bad thing because the private addresses end in our domain name
and can be looked up from anywhere in the universe with Internet
access.  Queries might be made to the DNS that result in address
replies containing unreachable addresses.

	The real solution might be a split DNS at every campus but
then we would have to maintain a copy of our public address space in
addition to the private space for use by our internal customers.

	Is there any other solution I am not thinking about?

	Maintaining a parallel version of a dynamic zone and keeping
it synchronized with the outside view doesn't sound like much fun.

	As it stands now, our master zone has NS records in it for the
Active Directory controllers so we pretty much have to take whatever
is there.

	Is this a common problem?  I am surprised things work as well
as they do.  It simply looks so _WRONG_!
Ah, for the good old days when our zone was orthogonal, both forward
and reverse and there were no junk private records in it.  We've got
over 500 right now.

	Thanks for any thoughts on this matter.

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Information Technology Division Network Operations Group
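The part of the question about keeping an outside-facing copy of the zone in step with the master is something a small script can take over. What follows is an added example written for this archive page, not code from the post or from BIND: it reads master-file text, lists every A/AAAA record whose address lies in RFC 1918, ULA, loopback or link-local space, and emits a copy of the zone with those records stripped, which is the file you would serve from the Internet-facing view. The zone name ad.example.edu, the records in SAMPLE_ZONE and the documentation prefixes standing in for public address space are all constructed for the example.

```python
import ipaddress
from typing import Any, Dict, List, Tuple

# Constructed sample zone for this example (documentation prefixes stand in
# for the campus's real public space; every name and address is made up).
SAMPLE_ZONE = """\
$ORIGIN ad.example.edu.
$TTL 3600
@         IN SOA  dc1.ad.example.edu. hostmaster.example.edu. ( 2005011501 3600 900 604800 3600 )
@         IN NS   dc1
dc1       IN A    192.0.2.10
dc2   600 IN A    192.0.2.11
printer1  IN A    10.20.30.40          ; remote-campus device on RFC 1918 space
          IN TXT  "lab printer"        ; blank owner: inherits printer1
lab-pc7   IN A    192.168.4.17
fileserv  IN A    172.16.8.9
www       IN A    198.51.100.5
dc1       IN AAAA fd12:3456:789a::1    ; ULA, equally unreachable from outside
dc2       IN AAAA 2001:db8::11
"""

# Address space that has no business in a zone served to the Internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",                # ULA, v6 link-local, loopback
)]


def is_non_public(rdata: str) -> bool:
    """True when rdata parses as an address inside one of NON_PUBLIC."""
    try:
        addr = ipaddress.ip_address(rdata)
    except ValueError:          # not an address at all: leave the record alone
        return False
    return any(addr in net for net in NON_PUBLIC)


def qualify(owner: str, origin: str) -> str:
    """Zone-file owner name -> fully qualified name under origin."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner
    return owner + "." if origin == "." else f"{owner}.{origin}"


def parse_zone(text: str) -> List[Dict[str, Any]]:
    """Extract every A/AAAA record from master-file text.

    Handles $ORIGIN, ';' comments, optional TTL/class fields and blank owner
    fields that inherit the previous owner. Other record types are skipped,
    not interpreted; this is not a full RFC 1035 parser.
    """
    origin, last_owner, records = ".", "@", []
    for index, raw in enumerate(text.splitlines()):
        line = raw.split(";", 1)[0].rstrip()      # strip comment, keep indent
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                  # $TTL and friends
            continue
        fields = line.split()
        if line[0].isspace():
            owner = last_owner                    # blank owner field
        else:
            owner = last_owner = fields.pop(0)
        if fields and fields[0].isdigit():        # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() in ("IN", "CH", "HS"):  # optional class
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        records.append({"index": index, "owner": owner,
                        "fqdn": qualify(owner, origin),
                        "type": fields[0].upper(), "rdata": fields[1]})
    return records


def external_view(text: str) -> Tuple[str, List[Dict[str, Any]]]:
    """Return (public_only_zone_text, dropped_records).

    Lines carrying non-public A/AAAA rdata are removed; everything else is
    copied verbatim. If the line after a dropped record relied on a blank
    owner field, the owner is written out so that record does not silently
    re-attach to whatever name now precedes it.
    """
    by_index = {r["index"]: r for r in parse_zone(text)}
    kept, dropped, pending_owner = [], [], None
    for i, line in enumerate(text.splitlines()):
        rec = by_index.get(i)
        if rec is not None and is_non_public(rec["rdata"]):
            dropped.append(rec)
            pending_owner = rec["owner"]
            continue
        body = line.split(";", 1)[0].strip()
        is_directive = line.startswith("$")
        if body and pending_owner and not is_directive and line[0].isspace():
            line = pending_owner + line           # make inherited owner explicit
        if body and not is_directive and not line[0].isspace():
            pending_owner = None                  # explicit owner resets inheritance
        kept.append(line)
    return "\n".join(kept) + "\n", dropped


if __name__ == "__main__":
    ext, dropped = external_view(SAMPLE_ZONE)
    for r in dropped:
        print(f"dropped {r['fqdn']} {r['type']} {r['rdata']}")
    print(ext)
```

Run it against a copy of the zone (for a zone the Active Directory controllers update dynamically, a copy obtained by AXFR, since the file on disk is rewritten by the server) and load the output into the view that faces the Internet; in BIND 9 the split itself is done with `view` statements and `match-clients`. The caveat in the post still holds: a derived file is only as current as its last regeneration, so a dynamic zone needs the external copy refreshed on the same cadence as the updates. The dropped-record list is also useful on its own as a periodic audit of how many private addresses have crept back into a delegated zone.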


