North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The power of default configurations
* Sean Donelan: > On Mon, 4 Apr 2005, Paul Vixie wrote: >> adding more. oh and as long as you're considering whether to restrict >> things to your LAN/campus/ISP, i'm ready to see rfc1918 filters deployed... > > Why does BIND forward lookups for RFC1918 addresses by default? I think Paul complained about DNS queries with source addresses from RFC 1918 space. It's hard to stop this without using connected UDP sockets. > Why isn't the default not to forward RFC1918 addresses (and martian > addresses). Is the fraction of PTR lookups for RFC 1918 space really that high? > If a sysadmin is using BIND in a local network which uses RFC1918 > address, those sysdmins can change their configuration? They already have to, otherwise the queries won't hit their authoritative servers.
|