On Wed, Feb 14, 2007 at 10:52:45PM -0500, Dean Anderson wrote:
> I asked this before and got no answer. RFC2119 itself gives some
> guidance:
I don't think that's exactly true. I pointed out that, as far as I
know, this document is intended to be an informational document, which
means that it wi
> > > It defaults to blocking RFC1918 addresses.
> >
> > if there was an rfc that talked about this, it would be more widely
> > implemented. ...
>
> Named already has this capability.
>
> You can use the blackhole acl or you can use multiple
> server "cidr" { bogus yes; };.
>
> > The PowerDNS recursor has recently gained support for the "dont-query"
> > setting:
> >
> > The DNS is a public database, but sometimes contains delegations to privat
> e
> > IP addresses, like for example 127.0.0.1. This can have odd effects,
> > depending on your network, and may even be
On Fri, 16 Feb 2007 21:27:12 + Paul wrote:
PV> > The DNS is a public database, but sometimes contains delegations to
private
PV> > IP addresses, like for example 127.0.0.1. This can have odd effects,
PV> > depending on your network, and may even be a security risk. Therefore,
since
PV> >
> The PowerDNS recursor has recently gained support for the "dont-query"
> setting:
>
> The DNS is a public database, but sometimes contains delegations to private
> IP addresses, like for example 127.0.0.1. This can have odd effects,
> depending on your network, and may even be a security risk
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Domain Name System Operations Working Group of
the IETF.
Title : Requirements for a Mechanism Identifying a Name
Server Instance
Author(s) : D. Conrad
On Fri, Feb 16, 2007 at 07:18:35PM +, Paul Vixie wrote:
> there is an rfc1918 address for this nameserver. there's no way for me to
> be sure that it's the same 10.20.2.102 that i would reach if i tried, yet
> there's no way to be sure that it's not the same, either. granted that the
> best t
there is an rfc1918 address for this nameserver. there's no way for me to
be sure that it's the same 10.20.2.102 that i would reach if i tried, yet
there's no way to be sure that it's not the same, either. granted that the
best thing is if the address would not be published outside the connectivi
On Wed, 14 Feb 2007, Ted Lemon wrote:
> On Feb 14, 2007, at 10:17 PM, Dean Anderson wrote:
> > Basically, many people have greatly misunderstood this document,
>
> That people have misunderstood the document is your assertion, which
> may or may not be true. That people agree that using in-ad
