Date: Wed, 26 Nov 2008 21:09:53 +0100 (CET)
To: [EMAIL PROTECTED]
Subject: Re: rfc1918 ns records coming from internet are queried?
From: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
A border router knows what is inside and outside your network, while
a DNS server does not. Important
I'm looking for a way to set a policy that named won't query
rfc1918 nameserver addresses returned from a non-rfc1918 query.
Would this be a bad policy?
You could use netmasks with your server statements, like this:
server 10.0.0.0/8 {
    bogus yes;
};
server 172.16.0.0/12 {
On Nov 26, 2008, at 11:49 AM, David Sparks wrote:
However, if you're concerned, it's pretty easy to set up a more secure
infrastructure. Put a resolver (resolving name server) at the edge of
your network (in a DMZ, presumably) that knows nothing of internal
domains (nor IP address space). It
A border router knows what is inside and outside your network, while
a DNS server does not. Important difference.
You're missing the point. This is not about inside and outside networks, it
is about rfc1918 responses from internet queries.
I'm afraid I have seen too many organizations
Problem: when querying asdf.ad.rice.edu, bind sends queries into my local
network (specifically to 10.129.92.100, which is not a ns) which I find
undesirable.
Is there any way to disable this behavior? Is it expected that bind queries
rfc1918 nameserver addresses from non-rfc1918 queries? I