On Sat, Mar 26, 2011 at 6:30 AM, Carsten Strotmann <[email protected]> wrote:
> you are right, if these queries would only go towards a carefully
> configured resolving DNS Server that terminates this local domain, the
> names will not leak.
>
> However, experience shows that the names will show up inside the payload
> of network data (badly designed protocols that embed names in the
> payload) and as a result of this will be looked up in different
> networks where you do not have the control over the DNS and the local
> names are not terminated on the resolving DNS Server.
In my cases, and possibly for others, the DNS is under control but not all of the client systems (independent agents working in the office with their own computers). When using a sub-domain of the registered SLD, failed host queries are then retried by the clients with the parent domain (SLD), creating extra traffic/noise/work. Whereas using a private TLD like ".office", ".soho", etc. eliminates that issue.

Of course, using the registered SLD directly would also eliminate the parent lookup, but (again in my cases) these are small businesses where the registered domain's public DNS info is served externally (by the hosting site or registrar) and not used for internal systems on private addresses. And as the SLD (ex: "businessname.office") is a (as Windows calls it) connection-specific DNS suffix, and temporary (DHCP-assigned when in the building), it should not be problematic.

Chris

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
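The configuration side of the point made in the quoted reply (terminate the local domain on the resolver so the names never leave it), as an added example that is not part of the original thread or of Unbound's shipped configuration: an unbound.conf fragment that makes Unbound authoritative for a private TLD. The TLD "office", the zone "businessname.office", the host names and the 10.1.2.0/24 addresses are assumptions chosen for illustration.

```conf
# Added example, not from the original thread: terminate the private TLD
# "office." on the resolver so that lookups under it are answered from local
# data and are never sent to the root servers. All names and addresses below
# (office, businessname.office, the hosts, 10.1.2.x) are assumptions.
server:
    # Answer everything under office. from local data. With type "static",
    # a name under office. that is not listed in local-data gets NXDOMAIN
    # instead of being forwarded upstream, so typos and devolved queries
    # for businessname.office stay inside the network.
    local-zone: "office." static

    # Forward records for the internal hosts.
    local-data: "fileserver.businessname.office. IN A 10.1.2.10"
    local-data: "printer.businessname.office.    IN A 10.1.2.20"

    # Matching reverse records, so PTR lookups for these addresses also
    # stay local instead of going to the in-addr.arpa delegation.
    local-data-ptr: "10.1.2.10 fileserver.businessname.office"
    local-data-ptr: "10.1.2.20 printer.businessname.office"

    # Only needed if private-address: is configured for RFC 1918 ranges
    # (rebinding protection) AND office. is later served from an internal
    # authoritative server via stub-zone/forward-zone rather than local-data;
    # it allows 10.x answers under office. to pass that filter.
    # private-domain: "office"
```

Check the fragment with `unbound-checkconf` before reloading; afterwards `dig @127.0.0.1 fileserver.businessname.office` should return 10.1.2.10 from the resolver itself and `dig @127.0.0.1 nosuchhost.businessname.office` should return NXDOMAIN with no upstream query, which you can confirm with `unbound-control list_local_zones` and a packet capture on the resolver's upstream interface. As the quoted reply points out, this only covers clients that actually use this resolver; a laptop that embeds a businessname.office name in some protocol payload and resolves it on another network will still send that name to whatever DNS it is given there.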
