Date: Thu, 22 Apr 1999 14:41:11 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com> To: davids@webmaster.com (David Schwartz) Cc: jcanon@comtechnologies.com, igor@physics.uiuc.edu, stable@FreeBSD.ORG Subject: Re: netstat -r Message-ID: <199904222141.OAA13107@GndRsh.aac.dev.com> In-Reply-To: <000001be8cf7$fb2eed80$021d85d1@whenever.youwant.to> from David Schwartz at "Apr 22, 99 12:40:31 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > The problem will not 'clear up' in any reasonable sense of the word until > you either: > > 1) Fix your nameserver so that it stops trying to resolve private IPs using > the global Internet's DNS fabric, or > > 2) Fix your machines so that they no longer try to reverse resolve private > IPs on name servers not configured to handle it. > > So long as you are relying on private IP space to behave in a particular > way on the global Internet, when there are no such guarantees, your > configuration is broken. Private IPs are supposed to be quarrantined from ^^^^^^^^^^^^^ > the global Internet. Key word there!! And please don't leak your IP's into the public internet via your DNS. So many sites let this stuff out it makes it a pain some times to keep your own site clean: thomson2# ndc dumpdb Dumping Database thomson2# grep 192.168 named_dump.db irintsp1 134631 IN A 192.168.1.100 ;Cr=auth [206.175.72.162] thomson2# grep 172.16 named_dump.db seaipsvcs 5003 IN A 172.16.25.1 ;Cr=addtnl [198.114.171.109] seadnsbkup 5003 IN A 172.16.25.11 ;Cr=addtnl [198.114.171.109] 134562 IN A 172.16.0.9 ;NT=712 Cr=addtnl [206.175.72.162] iri2 134562 IN A 172.16.0.150 ;Cr=addtnl [206.175.72.162] iri172 134562 IN A 172.16.0.9 ;Cr=addtnl [206.175.72.162] 67134 IN A 172.16.12.1 ;Cr=addtnl [204.77.185.1] And I don't even want to show you how much traffic tries to cross my borders with either a source or destination address in the RFC1918 space, it just makes me sick... I've even seen MX records pointing to unroutable space :-( -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.aac.dev.com Accurate Automation, Inc. Reliable computers for FreeBSD http://www.aai.dnsmgr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904222141.OAA13107>