Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Apr 1999 14:41:11 -0700 (PDT)
From:      "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
To:        davids@webmaster.com (David Schwartz)
Cc:        jcanon@comtechnologies.com, igor@physics.uiuc.edu, stable@FreeBSD.ORG
Subject:   Re: netstat -r
Message-ID:  <199904222141.OAA13107@GndRsh.aac.dev.com>
In-Reply-To: <000001be8cf7$fb2eed80$021d85d1@whenever.youwant.to> from David Schwartz at "Apr 22, 99 12:40:31 pm"

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> 
> 	The problem will not 'clear up' in any reasonable sense of the word until
> you either:
> 
> 	1) Fix your nameserver so that it stops trying to resolve private IPs using
> the global Internet's DNS fabric, or
> 
> 	2) Fix your machines so that they no longer try to reverse resolve private
> IPs on name servers not configured to handle it.
> 
> 	So long as you are relying on private IP space to behave in a particular
> way on the global Internet, when there are no such guarantees, your
> configuration is broken. Private IPs are supposed to be quarrantined from
                                                          ^^^^^^^^^^^^^
> the global Internet.

Key word there!!  And please don't leak your IP's into the public internet
via your DNS.  So many sites let this stuff out it makes it a pain some
times to keep your own site clean:
thomson2# ndc dumpdb
Dumping Database
thomson2# grep 192.168 named_dump.db
irintsp1        134631  IN      A       192.168.1.100   ;Cr=auth [206.175.72.162]
thomson2# grep 172.16 named_dump.db
seaipsvcs       5003    IN      A       172.16.25.1     ;Cr=addtnl [198.114.171.109]
seadnsbkup      5003    IN      A       172.16.25.11    ;Cr=addtnl [198.114.171.109]
        134562  IN      A       172.16.0.9      ;NT=712 Cr=addtnl [206.175.72.162]
iri2    134562  IN      A       172.16.0.150    ;Cr=addtnl [206.175.72.162]
iri172  134562  IN      A       172.16.0.9      ;Cr=addtnl [206.175.72.162]
        67134   IN      A       172.16.12.1     ;Cr=addtnl [204.77.185.1]

And I don't even want to show you how much traffic tries to cross my borders with
either a source or destination address in the RFC1918 space, it just makes me sick...
I've even seen MX records pointing to unroutable space :-(

-- 
Rod Grimes - KD7CAX - (RWG25)                   rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc.                   Reliable computers for FreeBSD
http://www.aai.dnsmgr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199904222141.OAA13107>