Why is RFC1918 space in public DNS evil?
pete at he.iki.fi
Mon Sep 18 08:10:02 UTC 2006
Matthew Palmer wrote:
> I've been directed to put all of the internal hosts and such into the public
> DNS zone for a client. My typical policy is to have a subdomain of the zone
> served internally, and leave only the publically-reachable hosts in the
> public zone. But this client, having a large number of hosts on RFC1918
> space and a VPN for external people to get to it, is pushing against this
In many scenarios the VPN'd hosts will ask for the names from the public
DNS anyway, so I feel your client is right and it would be better for
you to go with their wishes.
More information about the NANOG