North American Network Operators Group

Re: The power of default configurations

  • From: Jon Lewis
  • Date: Thu Apr 07 13:06:16 2005

On Wed, 6 Apr 2005, Eric A. Hall wrote:

> On 4/6/2005 5:00 PM, Sean Donelan wrote:
>
> > Why does BIND forward lookups for RFC1918 addresses by default?
>
> As has been pointed out already, caches need to be able to ask other
> (local) servers for the PTRs.
>
> OTOH, it might make a good feature (and eventually maybe a BCP) to block
> PTR queries for 1918 space from going to the roots and TLD servers.

I added something like this to our binds that handle recursive queries.
Is there any reason distros (or ISC) couldn't make this a part of the
"default config"?

zone "168.192.in-addr.arpa" {
        type master;
        file "sink";
};

zone "10.in-addr.arpa" {
        type master;
        file "sink";
};
... other similar zones clipped

sink is just

@       IN      SOA     localhost. root.localhost.  (
                                      2002100800 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      localhost.

*      PTR     invalid

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
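
Added example, not part of the original message and not ISC or distro code: a small audit that derives the reverse zones for all three RFC 1918 ranges and reports which ones a named.conf does not declare locally, so their PTR queries would still leave the resolver. The sample config is constructed, the helper names are hypothetical, and the zone file name "sink" is taken from the post.

```python
import ipaddress
import re

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
ZONE_RE = re.compile(r'zone\s+"([^"]+)"', re.IGNORECASE)

# Constructed sample: the two zones shown in the post plus one commented-out zone.
SAMPLE_CONF = '''
zone "168.192.in-addr.arpa" { type master; file "sink"; };
zone "10.in-addr.arpa" { type master; file "sink"; };
// zone "16.172.in-addr.arpa" { type master; file "sink"; };
'''

def reverse_zones(cidr):
    """in-addr.arpa zone names covering cidr, split on octet boundaries."""
    net = ipaddress.ip_network(cidr)
    octets = -(-net.prefixlen // 8)  # round up: /12 needs sixteen /16 zones
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def required_zones():
    return [z for cidr in RFC1918 for z in reverse_zones(cidr)]

def strip_comments(text):
    """Drop /* */, // and # comments (simple; ignores quoting edge cases)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def missing_zones(named_conf_text):
    """RFC 1918 reverse zones with no zone statement (any type) in the config."""
    declared = {m.group(1).lower().rstrip(".")
                for m in ZONE_RE.finditer(strip_comments(named_conf_text))}
    return [z for z in required_zones() if z not in declared]

def stanzas(zones, zone_file="sink"):
    """named.conf zone statements in the style used in the post."""
    tmpl = 'zone "%s" {\n        type master;\n        file "%s";\n};\n'
    return "\n".join(tmpl % (z, zone_file) for z in zones)

if __name__ == "__main__":
    gaps = missing_zones(SAMPLE_CONF)
    print("%d RFC 1918 reverse zones not declared locally" % len(gaps))
    print(stanzas(gaps))
```

The check only looks at zone names, so it does not confirm that the referenced zone file exists or loads; named-checkconf and named-checkzone cover that.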