On Aug 10, 2010, at 11:01 AM, Matus UHLAR - fantomas wrote: > On 09.08.10 20:09, donovan jeffrey j wrote: >> my isp has some private address space which has dns resolution and can be >> queried from the outside world. >> >> I asked them about this because we use this private address space and it >> is showing up in our DNS lookups. here was there response; >> >>> I've discussed this with our systems administrators and have been >>> told that this is performing as expected. ISP DNS servers do contain >>> information about private adresses that are in use on our network. >>> If you are utilizing our DNS servers, you will see resolution of >>> private IPs to ISP hostnames when appropriate. That will not occur >>> using external DNS servers. You will see resolution of PTD hostnames >>> to private IPs from external servers, but not IP resolution to >>> hostnames. As long as reverse DNS (IP to hostname) is not >>> propogating, things are functioning normally. >> >> so even from google public dns i see lookups that refer back to a private >> address space on my ISP's net. > > what exactly do you see? Do its servers resolve "internal.isp.net" to > private address? Do they respond to reverse lookups of private addresses > with some private info? > > While they should not point any services they provide to internal addresses > (until they assign private addresses to their clients which becomes quite > common), it doesn't have to cause troubles, Even if it is kind of > information leak.
Personally I think that this is perfectly fine -- I use RFC1918 addresses at home, and it is convenient to me to be able to refer to my printer as: wkumari$ dig +noall +answer wk-hp4700.home.ne-where.com wk-hp4700.home.ne-where.com. 1733 IN A 192.168.0.47 I don't care who knows what the IP address of my printer is -- if anyone wants to know, my NAS is 192.168.0.254, etc. It all depends on what the zone is used for and what your expectations for it are. W > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > How does cat play with mouse? cat /dev/mouse > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
