[79437] in North American Network Operators' Group
Re: The power of default configurations
daemon@ATHENA.MIT.EDU (Jon Lewis)
Thu Apr 7 13:05:30 2005
Date: Thu, 7 Apr 2005 13:05:02 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: "Eric A. Hall" <ehall@ehsco.com>
Cc: nanog@merit.edu
In-Reply-To: <42548ACF.9070600@ehsco.com>
Errors-To: owner-nanog@merit.edu
On Wed, 6 Apr 2005, Eric A. Hall wrote:
> On 4/6/2005 5:00 PM, Sean Donelan wrote:
>
> > Why does BIND forward lookups for RFC1918 addresses by default?
>
> As has been pointed out already, caches need to be able to ask other
> (local) servers for the PTRs.
>
> OTOH, it might make a good feature (and eventually maybe a BCP) to block
> PTR queries for 1918 space from going to the roots and TLD servers.
I added something like this to our binds that handle recursive queries.
Is there any reason distros (or ISC) couldn't make this a part of the
"default config"?

zone "168.192.in-addr.arpa" {
        type master;
        file "sink";
};

zone "10.in-addr.arpa" {
        type master;
        file "sink";
};

... other similar zones clipped

sink is just

@       IN      SOA     localhost. root.localhost. (
                        2002100800 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      localhost.
*       PTR     invalid

----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
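
The sink-zone approach in the message above, as an added example that is not part of the original post: it derives a reverse-zone list from the three RFC 1918 blocks, emits stanzas in the same form as the two shown, and reports which PTR query names a sink zone would answer locally. The zone list, the function names and the sample query names are assumptions of this example, not the zones clipped from the message.

```python
import ipaddress

# RFC 1918 blocks. The zone list derived from them is this example's
# assumption; it is not the set of zones clipped from the message.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sink_zones():
    """Reverse zones, one per octet-aligned block, covering RFC 1918."""
    zones = []
    for net in RFC1918:
        octets = -(-net.prefixlen // 8)   # round prefix up to /8, /16, /24
        for sub in net.subnets(new_prefix=octets * 8):
            labels = str(sub.network_address).split(".")[:octets]
            zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def named_conf(zonefile="sink"):
    """named.conf stanzas in the same form as the two in the message."""
    return "\n".join(
        'zone "%s" {\n\ttype master;\n\tfile "%s";\n};' % (z, zonefile)
        for z in sink_zones())

def covering_zone(qname):
    """Sink zone that would answer this PTR name locally, or None."""
    name = qname.lower().rstrip(".")
    for zone in sink_zones():
        # Match on a label boundary so 110.in-addr.arpa is not taken for 10.
        if name == zone or name.endswith("." + zone):
            return zone
    return None

# Constructed PTR query names, as a recursive server might log them.
SAMPLE_QUERIES = [
    "4.3.2.10.in-addr.arpa.",
    "1.1.168.192.IN-ADDR.ARPA.",
    "9.0.20.172.in-addr.arpa.",
    "1.0.32.172.in-addr.arpa.",     # just outside 172.16.0.0/12
    "5.0.0.110.in-addr.arpa.",      # public space, shares a suffix string
]

def audit(queries):
    """Map each query name to its sink zone (None if not covered)."""
    return {q: covering_zone(q) for q in queries}

if __name__ == "__main__":
    print(named_conf())
    for q, z in audit(SAMPLE_QUERIES).items():
        print("%-28s %s" % (q, z or "not covered by a sink zone"))
```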