-----BEGIN PGP SIGNED MESSAGE-----
Michel Py wrote:
> Keith Moore wrote:
> > great. now we'll have NAT boxes intercepting
> > outgoing DNS traffic also.
> That was not my point. My point was to have a DNS server in the inside
> configured for reverse lookup of private IPs. What you mention would

Which most people already have when configuring their local network
as they set up a local DNS server. Usually NAT boxes also include
a DNS server btw. Even my Alcatel Speedtouch *adsl modem* has one.
But I gladly use a much easier to configure bind of course ;)
People not configuring these DNS servers usually use their ISP's
DNS servers and these should comply with AS112 standards, aka
serve empty versions of the rfc1918 zones and make themselves authoritative.
AFAIK the latest bind distributions include at least setup examples
for rfc1918 addresses.
Shouldn't there be a BCP for such cases? Aka that ISPs should
have rfc1918/localhost/169.254.x.x zones in the DNS servers that
face their customers?
-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen(_at_)unfix(_dot_)org / http://unfix.org/~jeroen/
-----END PGP SIGNATURE-----
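
The empty rfc1918/localhost/169.254.x.x reverse zones discussed in this message, as an added example that is not part of the original e-mail or of any BIND distribution: it derives the in-addr.arpa zone names, prints BIND zone stanzas for them, and flags reverse queries that still reach an upstream log. The zone file name `db.empty`, the helper names and the "client qname qtype" log format are assumptions made for the example.

```python
import ipaddress

# Ranges named in the message: RFC 1918, localhost and 169.254.x.x.
LOCAL_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")

def reverse_zones(cidr):
    """in-addr.arpa zones, on octet boundaries, that cover one prefix."""
    net = ipaddress.ip_network(cidr)
    bits = -(-net.prefixlen // 8) * 8   # round up: 172.16/12 becomes 16 /16 zones
    zones = []
    for sub in net.subnets(new_prefix=bits):
        octets = str(sub.network_address).split(".")[:bits // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

ZONES = [z for cidr in LOCAL_NETS for z in reverse_zones(cidr)]

def named_conf(zone_file="db.empty"):
    """BIND zone stanzas; db.empty is an assumed file holding only SOA and NS."""
    return "\n".join(f'zone "{z}" {{ type master; file "{zone_file}"; }};'
                     for z in ZONES)

def covering_zone(qname):
    """Return the local zone that should answer qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONES:
            return candidate
    return None

def leaked(log_lines):
    """PTR queries in an upstream-side log that a local empty zone should answer."""
    hits = []
    for line in log_lines:
        client, qname, qtype = line.split()
        zone = covering_zone(qname)
        if qtype == "PTR" and zone:
            hits.append((client, qname, zone))
    return hits

# Constructed sample: "client qname qtype" for queries forwarded upstream.
SAMPLE = [
    "192.0.2.10 7.1.168.192.in-addr.arpa. PTR",
    "192.0.2.10 www.example.com. A",
    "192.0.2.11 5.0.20.172.in-addr.arpa. PTR",
    "192.0.2.11 5.0.32.172.in-addr.arpa. PTR",
    "192.0.2.12 1.0.254.169.in-addr.arpa. PTR",
]

if __name__ == "__main__":
    print(named_conf())
    for hit in leaked(SAMPLE):
        print("leak:", *hit)
```

Any line reported by `leaked` is a reverse lookup for a private address that left the site, which the locally served empty zones are meant to prevent.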