Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: Why is RFC1918 space in public DNS evil?

  • From: Jim Mercer
  • Date: Mon Sep 18 04:49:13 2006

On Mon, Sep 18, 2006 at 03:18:07AM -0500, Gadi Evron wrote:
> On Mon, 18 Sep 2006, Petri Helenius wrote:
> > Matthew Palmer wrote:
> > > I've been directed to put all of the internal hosts and such into the public
> > > DNS zone for a client.  My typical policy is to have a subdomain of the zone
> > > served internally, and leave only the publicly-reachable hosts in the
> > > public zone.  But this client, having a large number of hosts on RFC1918
> > > space and a VPN for external people to get to it, is pushing against this
> > >
> > >   
> > In many scenarios the VPN'd hosts will ask for the names from the public 
> > DNS anyway, so I feel your client is right and it would be better for 
> > you to go with their wishes.
> 
> Putting all other issues aside, I believe you are right. Still, if VPN is
> the problem then it is solvable. These machines can be configured with a
> DNS server that knows where to go.

if the hosts inside the VPN can only be accessed by hostnames served up inside
the VPN, then it is more likely the users can be confident that their data
is actually traversing the VPN.

it works, or it don't.

-- 
[ Jim Mercer        jim@reptiles.org        +971 50 436-3874 ]
[          I want to live forever, or die trying.            ]



