rfc1918 ns records coming from internet are queried?

Sam Wilson Sam.Wilson at ed.ac.uk
Thu Nov 27 10:59:07 UTC 2008


In article <ggkb3r$30qs$1 at sf1.isc.org>,
 David Sparks <dave at ca.sophos.com> wrote:

> sthaug at nethelp.no wrote:
> >>> A border router knows what is "inside" and "outside" your network, while
> >>> a DNS server does not. Important difference.
> >> You're missing the point.  This is not about inside and outside networks,
> >> it is about rfc1918 responses from internet queries.
> > 
> > I'm afraid I have seen too many organizations using a mix of public and
> > RFC1918 IP addresses on the "inside". Thus I don't believe that you can
> > differentiate based on RFC1918 addresses or not on a general basis.

I work for one such organisation (and am responsible for the address 
architecture).  

> This is incorrect, you can always differentiate based on rfc1918 addresses.
> When a 3rd party gives you a rfc1918 address it is invalid.

But you've already said that you can't practically enumerate your 
internal servers.  Can you actually tell which are third parties which 
ought not to be giving you rfc1918 addresses and which are internal 
servers which should?

Sam
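
The question raised above, as an added example that is not part of the original post: a response filter that drops RFC 1918 answers unless the responding server is on an enumerated internal list. The server list, all addresses and the function names are constructed for illustration.

```python
import ipaddress

RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed: the nameservers the operator has managed to enumerate as
# internal. The site mixes public and RFC 1918 addressing on the inside,
# so a server's own address does not say whether it is internal.
KNOWN_INTERNAL_SERVERS = {
    ipaddress.ip_address("10.1.1.53"),
    ipaddress.ip_address("192.0.2.53"),
}


def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETS)


def filter_response(server, answers):
    """Split one response's addresses into (accepted, rejected).

    An RFC 1918 answer is accepted only when the responding server is on
    the enumerated internal list; everything else passes through.
    """
    trusted = ipaddress.ip_address(server) in KNOWN_INTERNAL_SERVERS
    accepted, rejected = [], []
    for addr in answers:
        if is_rfc1918(addr) and not trusted:
            rejected.append(addr)
        else:
            accepted.append(addr)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample responses: (responding server, A-record addresses).
    samples = [
        ("10.1.1.53", ["10.2.3.4"]),                        # listed internal server
        ("198.51.100.7", ["192.168.0.10", "203.0.113.5"]),  # third party
        ("192.0.2.99", ["10.9.9.9"]),  # internal, public address, not on the list
    ]
    for server, answers in samples:
        print(server, filter_response(server, answers))
```

The third sample is the case in dispute: an internal server that was never enumerated is indistinguishable from a third party, so its legitimate RFC 1918 answer is dropped.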


