Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Why is RFC1918 space in public DNS evil?

  • From: Valdis.Kletnieks
  • Date: Mon Sep 18 14:23:31 2006

On Mon, 18 Sep 2006 17:57:43 +0200, Peter Dambier said:

> It can make sense:
> 
> I am sending my mails mostly from lumbamba.peter-dambier.de (192.168.48.226)
> my router is krzach.peter-dambier.de (192.168.48.2)
> my mailer is echnaton.peter-dambier.de (192.168.48.228)
> 
> My traceroute looks ok although some of the hosts are RFC1918
> If somebody looks into my email headers they find information that makes
> sense although they could not ping the hosts.
> 
> As long as you do not allow AXFR, nobody can see the information about
> RFC1918 hosts. So there is no risk.

Unless of course you're leaking it in Received: headers..

Or DNS requests across the public Internet (remember, we *started* with the
question of having this stuff on a public-facing DNS server..)..

Or all the other myriad ways this stuff tends to leak out.  AXFR is the *least*
of your problems.

Attachment: pgp00012.pgp
Description: PGP signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.