p...@softinengines.com (Peter Skvarka) writes:

>If I understand good your answer, the only way how to disallow resolver
>to query reverse translation for target private IP is to deploy DNS
>service for machines with private IPs ?

Programs (like ping without the -n option) want to resolve IP addresses and they will do it in the way you have configured name resolution. There is no way to make arbitrary programs do that selectively for particular IP addresses. The programs would need to filter themselves, and very few do.

So, if you do not want to query a public DNS server for private IPs, you need to provide a local name resolution method instead.

Usually, that's not a problem. The systems exist in a private (RFC1918) network and some router or other dedicated system assigns addresses via DHCP and also provides a DNS service.

Another popular setup is to run a local DNS service on each machine that intercepts queries to private IPs. You can do that with the provided 'named' and 'unbound' programs.

A simple, but less versatile, method is to just put information for private IPs into each /etc/hosts file.

The least versatile, but even simpler, method is to not configure a resolver at all and rely on /etc/hosts only.

If you are used to MacOS, you probably also know "Bonjour". This includes a multicast-DNS system for resolving local names. NetBSD also supports this with the 'mdnsd' service. But then you probably want all your systems to use multicast-DNS.
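
One way to check whether reverse lookups for RFC1918 addresses still go to a non-local resolver, as an added example that is not part of the original message. The query tuples, resolver addresses and function names are constructed for illustration, and a resolver counts as "local" only if you list it.

```python
import ipaddress

# The three RFC1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ptr_name_to_ip(qname):
    """Return the IPv4 address encoded in a full in-addr.arpa name, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        # PTR names carry the octets in reverse order.
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None


def is_rfc1918(ip):
    return ip is not None and any(ip in net for net in RFC1918)


def leaked_private_ptr(queries, local_resolvers):
    """Return (private_ip, resolver) for each PTR query about an RFC1918
    address that was sent to a resolver not listed as local.

    queries: iterable of (qname, qtype, resolver_ip) tuples.
    """
    local = {ipaddress.ip_address(r) for r in local_resolvers}
    leaks = []
    for qname, qtype, resolver in queries:
        if qtype.upper() != "PTR":
            continue
        ip = ptr_name_to_ip(qname)
        if is_rfc1918(ip) and ipaddress.ip_address(resolver) not in local:
            leaks.append((str(ip), resolver))
    return leaks


# Constructed sample: 192.0.2.53 stands in for a public resolver.
SAMPLE = [
    ("10.1.168.192.in-addr.arpa.", "PTR", "192.0.2.53"),   # private, public resolver
    ("10.1.168.192.in-addr.arpa.", "PTR", "192.168.1.1"),  # private, local router
    ("5.0.31.172.in-addr.arpa", "PTR", "192.0.2.53"),      # inside 172.16/12
    ("5.0.32.172.in-addr.arpa", "PTR", "192.0.2.53"),      # outside 172.16/12
    ("www.example.org.", "A", "192.0.2.53"),               # forward lookup
]

if __name__ == "__main__":
    for ip, resolver in leaked_private_ptr(SAMPLE, ["127.0.0.1", "192.168.1.1"]):
        print(f"PTR for private address {ip} sent to {resolver}")
```
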