Why is RFC1918 space in public DNS evil?

Gadi Evron ge at linuxbox.org
Mon Sep 18 08:18:07 UTC 2006

On Mon, 18 Sep 2006, Petri Helenius wrote:
> Matthew Palmer wrote:
> > I've been directed to put all of the internal hosts and such into the public
> > DNS zone for a client.  My typical policy is to have a subdomain of the zone
> > served internally, and leave only the publicly-reachable hosts in the
> > public zone.  But this client, having a large number of hosts on RFC1918
> > space and a VPN for external people to get to it, is pushing against this
> >
> >   
> In many scenarios the VPN'd hosts will ask for the names from the public 
> DNS anyway, so I feel your client is right and it would be better for 
> you to go with their wishes.

Putting all other issues aside, I believe you are right. Still, if VPN is
the problem then it is solvable. These machines can be configured with a
DNS server that knows where to go.

> Pete
