On Thu, 20 Feb 2025 at 06:51, Michael van Elst <mlel...@serpens.de> wrote:
>
> p...@softinengines.com (Peter Skvarka) writes:
>
> >If I understand good your answer, the only way how to disallow resolver
> >to query reverse translation for target private IP is to deploy DNS
> >service for machines with private IPs ?
>
> Programs (like ping without the -n option) want to resolve IP addresses
> and they will do it in the way you have configured name resolution.
>
> There is no way to make arbitrary programs do that selectively for
> particular IP addresses. The programs would need to filter themselves,
> and very few do.
>
> So, if you do not want to query a public DNS server for private IPs,
> you need to provide a local name resolution method instead.
>
>
> Usually, that's not a problem. The systems exist in a private (RFC1918)
> network and some router or other dedicated system assigns addresses via
> DHCP and also provides a DNS service.
>
> Another popular setup is to run a local DNS service on each machine
> that intercepts queries to private IPs. You can do that with the
> provided 'named' and 'unbound' programs.

It seems to me this is a trivial matter which has taken way too much time... I've never bothered much with named, but one can set up unbound in about ten minutes. Almost eight years ago I did this on a Raspberry Pi - the original model B - just for fun, on a NetBSD-current - 8.99.2 at the time - system. It is still running and is a main caching DNS resolver on my home network (using the same SD card...).

>
> A simple, but less versatile, method is to just put information
> for private IPs into each /etc/hosts file.
>
> The least versatile, but even simpler, method is to not configure
> a resolver at all and rely on /etc/hosts only.
>
> If you are used to MacOS, you probably also know "Bonjour". This
> includes a multicast-DNS system for resolving local names. NetBSD
> also supports this with the 'mdnsd' service. But then you probably
> want all your systems to use multicast-DNS.
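
The following is an added example, not part of either poster's message: a Python script that turns hosts-file entries into an unbound `server:` fragment, so reverse lookups for RFC 1918 addresses are answered locally and never forwarded to a public resolver. The sample hosts text and the `home.arpa` names are constructed; `local-zone` and `local-data-ptr` are standard unbound.conf options.

```python
import ipaddress

# RFC 1918 private ranges whose reverse lookups should stay local.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input in /etc/hosts format (not from the thread).
SAMPLE_HOSTS = """\
127.0.0.1     localhost
192.168.1.10  nas.home.arpa nas
10.0.0.5      printer.home.arpa   # office printer
8.8.8.8       dns.google
::1           localhost
"""

def reverse_zones():
    """in-addr.arpa zones that together cover the RFC 1918 ranges."""
    zones = ["10.in-addr.arpa."]
    zones += [f"{i}.172.in-addr.arpa." for i in range(16, 32)]
    zones.append("168.192.in-addr.arpa.")
    return zones

def is_rfc1918(addr):
    """True for an IPv4 address inside one of the private ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on junk
    return ip.version == 4 and any(ip in net for net in RFC1918)

def parse_hosts(text):
    """Yield (ip, canonical_name) for each private entry in hosts text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            if is_rfc1918(fields[0]):
                yield fields[0], fields[1]
        except ValueError:
            continue  # first field was not an IP address

def unbound_fragment(hosts_text):
    """Build a server: clause; 'static' answers from local data, else NXDOMAIN."""
    lines = ["server:"]
    lines += [f'    local-zone: "{z}" static' for z in reverse_zones()]
    lines += [f'    local-data-ptr: "{ip} {name}"'
              for ip, name in parse_hosts(hosts_text)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(unbound_fragment(SAMPLE_HOSTS), end="")
```

The output can be saved to a file pulled in from unbound.conf with `include:` and validated with `unbound-checkconf` before restarting the resolver.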