nanog mailing list archives

Re: The power of default configurations


From: Jon Lewis <jlewis () lewis org>
Date: Thu, 7 Apr 2005 13:05:02 -0400 (EDT)


On Wed, 6 Apr 2005, Eric A. Hall wrote:

> On 4/6/2005 5:00 PM, Sean Donelan wrote:
>
>> Why does BIND forward lookups for RFC1918 addresses by default?
>
> As has been pointed out already, caches need to be able to ask other
> (local) servers for the PTRs.
>
> OTOH, it might make a good feature (and eventually maybe a BCP) to block
> PTR queries for 1918 space from going to the roots and TLD servers.

I added something like this to our binds that handle recursive queries.
Is there any reason distros (or ISC) couldn't make this a part of the
"default config"?

zone "168.192.in-addr.arpa" {
        type master;
        file "sink";
};

zone "10.in-addr.arpa" {
        type master;
        file "sink";
};
... other similar zones clipped

sink is just

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      2002100800 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      localhost.

; every PTR under the sink zone answers with the reserved "invalid." name
*       IN      PTR     invalid.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
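To go with the stanzas above and the "other similar zones clipped" note, an added example that is not part of Jon's post: a small Python generator that expands each RFC 1918 prefix into the in-addr.arpa zones it needs (172.16.0.0/12 is not octet-aligned and takes sixteen stanzas), renders them in the shape of the post's config, and reports which sink zone a given address would hit. The function names and the "sink" file name are assumptions; the RFC 1918 ranges are the ones the post is sinking.

```python
import ipaddress

# RFC 1918 private space, the ranges the post's named.conf stanzas sink.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def reverse_zones(cidr):
    """in-addr.arpa zone names that exactly cover an IPv4 prefix.

    in-addr.arpa is cut on octet boundaries, so a prefix length that is not
    a multiple of 8 is rounded down to the enclosing octet boundary and then
    expanded: 172.16.0.0/12 needs sixteen /16 zones, 16.172 through 31.172.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    octets = max(1, -(-net.prefixlen // 8))          # ceil(prefixlen / 8)
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def named_conf_fragment(cidrs=RFC1918, sink_file="sink"):
    """One 'type master' stanza per zone, all backed by the same sink file,
    in the same shape as the stanzas in the post."""
    stanzas = []
    for cidr in cidrs:
        for zone in reverse_zones(cidr):
            stanzas.append(f'zone "{zone}" {{\n        type master;\n'
                           f'        file "{sink_file}";\n}};')
    return "\n\n".join(stanzas) + "\n"


def sink_zone_for(ip, cidrs=RFC1918):
    """Return the sink zone that would answer a PTR query for ip, or None if
    the query would still leak out towards the in-addr.arpa servers."""
    name = ipaddress.ip_address(ip).reverse_pointer    # 6.5.20.172.in-addr.arpa
    for cidr in cidrs:
        for zone in reverse_zones(cidr):
            if name.endswith("." + zone):
                return zone
    return None


if __name__ == "__main__":
    print(named_conf_fragment())
    for probe in ("10.1.2.3", "172.20.5.6", "172.32.0.1", "8.8.8.8"):
        print(f"{probe:>12} -> {sink_zone_for(probe)}")
```

Later BIND 9 releases serve these reverse zones as built-in empty zones (RFC 6303, controlled by empty-zones-enable), which is essentially the default config asked for here.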
