North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Why is RFC1918 space in public DNS evil?

  • From: Roland Dobbins
  • Date: Mon Sep 18 15:23:09 2006
  • Authentication-results:; [email protected]; dkim=pass (sig from verified; );
  • Dkim-signature: a=rsa-sha1; q=dns; l=657; t=1158607022; x=1159471022;c=relaxed/relaxed; s=sjdkim8002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;; [email protected]; z=From:Roland=20Dobbins=20<[email protected]>|Subject:Re=3A=20Why=20is=20RFC1918=20space=20in=20public=20DNS=20evil?;; b=oGagHcYxrZrB20J3lc5QdrmFlvZilcO8PWUZSG8vFDsanD1PBKj2Vwj7oFp6QthAysCnzr7EDlKugzBIdAdR4MpDpfsOa5Y0ILZv1eBtiY9otmqz53LZS9npnjaRdY1+;

On Sep 18, 2006, at 12:12 PM, Elijah Savage wrote:

I've been directed to put all of the internal hosts and such into the public
DNS zone for a client.
Another option is split-horizon DNS for the internal stuff, if it never needs to be publicly visible.

Roland Dobbins <[email protected]> // 408.527.6376 voice

Any information security mechanism, process, or procedure which can
be consistently defeated by the successful application of a single
class of attacks must be considered fatally flawed.

-- The Lucy Van Pelt Principle of Secure Systems Design