Why is RFC1918 space in public DNS evil?
Gadi Evron
ge at linuxbox.org
Mon Sep 18 08:18:07 UTC 2006
On Mon, 18 Sep 2006, Petri Helenius wrote:
>
> Matthew Palmer wrote:
> > I've been directed to put all of the internal hosts and such into the public
> > DNS zone for a client. My typical policy is to have a subdomain of the zone
> > served internally, and leave only the publicly-reachable hosts in the
> > public zone. But this client, having a large number of hosts on RFC1918
> > space and a VPN for external people to get to it, is pushing against this
> >
> >
> In many scenarios the VPN'd hosts will ask for the names from the public
> DNS anyway, so I feel your client is right and it would be better for
> you to go with their wishes.
Putting all other issues aside, I believe you are right. Still, if VPN is
the problem then it is solvable. These machines can be configured with a
DNS server that knows where to go.
>
> Pete
>
>