[79419] in North American Network Operators' Group
Re: The power of default configurations
daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed Apr 6 21:04:13 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Date: Thu, 07 Apr 2005 03:03:33 +0200
In-Reply-To: <Pine.GSO.4.58.0504061756550.5174@clifden.donelan.com> (Sean
Donelan's message of "Wed, 6 Apr 2005 18:00:05 -0400 (EDT)")

* Sean Donelan:

> On Mon, 4 Apr 2005, Paul Vixie wrote:
>> adding more. oh and as long as you're considering whether to restrict
>> things to your LAN/campus/ISP, i'm ready to see rfc1918 filters deployed...
>
> Why does BIND forward lookups for RFC1918 addresses by default?

I think Paul complained about DNS queries with source addresses from
RFC 1918 space. It's hard to stop this without using connected UDP
sockets.

> Why isn't the default not to forward RFC1918 addresses (and martian
> addresses).

Is the fraction of PTR lookups for RFC 1918 space really that high?

> If a sysadmin is using BIND in a local network which uses RFC1918
> addresses, those sysadmins can change their configuration?

They already have to, otherwise the queries won't hit their
authoritative servers.