Jason 'XenoPhage' Frisvold wrote:
This brings up a question I've been wondering about ...
I have a private network I use for management. For simplicity and sanity's sake, I DNS those IPs. However, this gives anyone on the net the ability to do lookups on those addresses and get the management IP. Is this how others handle this? I know that the reverse DNS isn't accessible by the internet at large because I'm not the authority for those IPs, but the forwards are. Should I, instead, have a private DNS server set up that's not accessible via the internet?
http://cr.yp.to/djbdns/dot-local.html
Essentially, is it ok to leave this as-is, or does netiquette state that I should hide this?
I don't know that netiquette observes any preference. It's up to you, and your security policy. If they are private IPs, then they should be inaccessible. But if someone found a way into your network, then they would already have some information about what is what.
Regards,
Bill
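
A check related to the question in this thread, as an added example that is not part of the original messages: it scans the text of a publicly served zone file for A records that point into RFC 1918 space, which are the forward lookups that reveal private management addresses. The zone contents, host names, and the function name `private_a_records` are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges only; ipaddress.is_private would also flag documentation nets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone data (names and addresses are made up).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
www      IN A   192.0.2.10
mgmt-sw1 IN A   10.20.0.5      ; management interface
         IN A   10.20.0.6      ; owner inherited from previous line
mgmt-fw  300 IN A 172.16.4.1
mail     IN A   198.51.100.25
ilo1     A      192.168.50.7
edge     IN A   172.32.0.1     ; just outside 172.16.0.0/12
"""

def private_a_records(zone_text):
    """Return [(owner, address)] for each A record with an RFC 1918 address."""
    hits, owner = [], None
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if not fields or fields[0].startswith("$"):
            continue                               # blank line or directive
        if raw[0].isspace():
            rest = fields                          # owner carried over
        else:
            owner, rest = fields[0], fields[1:]
        i = 0                                      # skip optional TTL and class
        while i < len(rest) and (rest[i].isdigit() or rest[i].upper() == "IN"):
            i += 1
        if i + 1 >= len(rest) or rest[i].upper() != "A":
            continue                               # not an A record
        try:
            addr = ipaddress.IPv4Address(rest[i + 1])
        except ValueError:
            continue                               # malformed address field
        if any(addr in net for net in RFC1918):
            hits.append((owner, str(addr)))
    return hits

if __name__ == "__main__":
    for name, addr in private_a_records(SAMPLE_ZONE):
        print(f"{name}\t{addr}\tprivate address in public zone")
```

Records it reports are candidates for moving to an internal-only DNS server, as the question above considers.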
