-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/15/2012 11:36 AM, btb wrote: > On 2012.11.15 10.14, Novosielski, Ryan wrote: >>> Failing to operate a private TLD correctly is causing internal >>> data leaking to the Internet, which could be a security risk >>> but in all cases is a burden on the root server system. >> >> Not that I think that I'm doing this (and as I'd said, the only >> place I use this is at home on a NAT'd network where there is no >> public DNS at all), but what are some common ways to let this >> happen if you happen to know? > > a nat'd network is a prime example of exactly the sort of place > this kind of thing happens. what it usually boils down to is non > public namespace being used [be it invented tlds or > rfc1918/5735/etc address space] with no nameserver on the local > network with those zones configured as authoritative.
Great, thanks, sounds like I'm covered then (I have BIND running authoritative for my zone on the firewall/NAT machine only accepting queries from my local 1918 addresses) and DHCP providing its address as the nameserver. - -- - ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$&| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlClGsIACgkQmb+gadEcsb7NKwCfUELoFIjKy1TAHFysZ0megp82 MuwAn2V+fOa3enJ6UxRTJmMEmqj3wNeg =ygQY -----END PGP SIGNATURE----- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
