Why is RFC1918 space in public DNS evil?

Roland Dobbins rdobbins at cisco.com
Mon Sep 18 19:17:01 UTC 2006



On Sep 18, 2006, at 12:12 PM, Elijah Savage wrote:

> I've been directed to put all of the internal hosts and such into  
> the public
> DNS zone for a client.

Another option is split-horizon DNS for the internal stuff, if it  
never needs to be publicly visible.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

Any information security mechanism, process, or procedure which can
be consistently defeated by the successful application of a single
class of attacks must be considered fatally flawed.

     -- The Lucy Van Pelt Principle of Secure Systems Design




More information about the NANOG mailing list