North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The power of default configurations
On Wed, 6 Apr 2005, Eric A. Hall wrote: > On 4/6/2005 5:00 PM, Sean Donelan wrote: > > > Why does BIND forward lookups for RFC1918 addresses by default? > > As has been pointed out already, caches need to be able to ask other > (local) servers for the PTRs. > > OTOH, it might make a good feature (and eventually maybe a BCP) to block > PTR queries for 1918 space from going to the roots and TLD servers. I added something like this to our binds that handle recursive queries. Is there any reason distros (or ISC) couldn't make this a part of the "default config"? zone "168.192.in-addr.arpa" { type master; file "sink"; }; zone "10.in-addr.arpa" { type master; file "sink"; }; ... other similar zones clipped sink is just @ IN SOA localhost. root.localhost. ( 2002100800 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum IN NS localhost. * PTR invalid ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
|