Why is RFC1918 space in public DNS evil?

Petri Helenius pete at he.iki.fi
Mon Sep 18 08:10:02 UTC 2006

Matthew Palmer wrote:
> I've been directed to put all of the internal hosts and such into the public
> DNS zone for a client.  My typical policy is to have a subdomain of the zone
> served internally, and leave only the publically-reachable hosts in the
> public zone.  But this client, having a large number of hosts on RFC1918
> space and a VPN for external people to get to it, is pushing against this
In many scenarios the VPN'd hosts will ask for the names from the public 
DNS anyway, so I feel your client is right and it would be better for 
you to go with their wishes.


More information about the NANOG mailing list