Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Apr 1999 17:22:32 -0400
From:      Jason Canon <jcanon@comtechnologies.com>
To:        David Schwartz <davids@webmaster.com>
Cc:        Igor Roshchin <igor@physics.uiuc.edu>, stable@freebsd.org
Subject:   Re: netstat -r
Message-ID:  <371F9317.F3EE1368@comtechnologies.com>
References:  <000201be8d04$7b81ead0$021d85d1@whenever.youwant.to>

next in thread | previous in thread | raw e-mail | index | archive | help
David,

The second paragraph refers to the fact that ISP's filter RFC 1597 addresses so that
they are not routable over the public Internet.  It is also saying that IF you choose

to run a private DNS server that it should also not propagate information about RFC
1597 addresses.  There is no language that says that I must run a DNS server to
resolve my RFC 1597 addresses and in fact the use of /etc/hosts is one means for
complying with the context of the second paragraph that you referenced.

So, I'm still waiting.

Cheers,
Jason

David Schwartz wrote:

> > Ok,
> >
> > I have to concede that it is impossible to argue scientifically
> > against with a
> > position
> > that says "It was working by pure luck...".   Either you forgot
> > that the Internet
> > ran for about a decade before DNS came along or perhaps the word "newby"
> > (as in you were not around then) may be applicable.
>
>         Umm, no I was there actually.
>
> > Otherwise, perhaps you can quote the applicable RFC and/or BSD
> > documentation that
> > supports your assertion that it is a requirement that networks
> > operate a private DNS
> > server.
>
>         Gladly. RFC1597 states:
>
>    Because private addresses have no global meaning, routing information
>    about private networks shall not be propagated on inter-enterprise
>    links, and packets with private source or destination addresses
>    should not be forwarded across such links.  Routers in networks not
>    using private address space, especially those of Internet service
>    providers, are expected to be configured to reject (filter out)
>    routing information about private networks.  If such a router
>    receives such information the rejection shall not be treated as a
>    routing protocol error.
>
>    Indirect references to such addresses should be contained within the
>    enterprise.  Prominent examples of such references are DNS Resource
>    Records and other information referring to internal private
>    addresses.  In particular, Internet service providers should take
>    measures to prevent such leakage.
>
>         Read over the second paragraph a few times until you understand it. I'll
> wait.
>
> > Agreeably, the configuration requirements, for those who
> > choose to run DNS,
> > for both public gateway and private network domains is widely
> > known so all you need
> > to cite is the standard that says /etc/hosts is insufficient because (x).
>
>         I'm not saying there's any such requirement. I'm simply saying that it's
> erroneous to rely upon private IPs resolving or not resolving in any
> particular way on the global Internet.
>
>         I will repeat, it is an error to use private IPs in any way on the global
> Internet. That includes attempting to resolve them using the Internet's DNS
> system. They are supposed to be quarantined. If you choose to use DNS and
> you choose to use private address space, you are supposed to make sure they
> don't conflict.
>
>         David Schwartz



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?371F9317.F3EE1368>