The power of default configurations
Florian Weimer
fw at deneb.enyo.de
Thu Apr 7 01:03:33 UTC 2005
* Sean Donelan:
> On Mon, 4 Apr 2005, Paul Vixie wrote:
>> adding more. oh and as long as you're considering whether to restrict
>> things to your LAN/campus/ISP, i'm ready to see rfc1918 filters deployed...
>
> Why does BIND forward lookups for RFC1918 addresses by default?
I think Paul complained about DNS queries with source addresses from
RFC 1918 space. It's hard to stop this without using connected UDP
sockets.
> Why isn't the default not to forward RFC1918 addresses (and martian
> addresses).
Is the fraction of PTR lookups for RFC 1918 space really that high?
> If a sysadmin is using BIND in a local network which uses RFC1918
> address, those sysdmins can change their configuration?
They already have to, otherwise the queries won't hit their
authoritative servers.
More information about the NANOG
mailing list