-------Original Message-------
From: "Sean Donelan" <sean@donelan.com>
Subject: The power of default configurations
Sent: 06 Apr 2005 14:00:05

On Mon, 4 Apr 2005, Paul Vixie wrote:
adding more. oh and as long as you're considering whether to restrict things to your LAN/campus/ISP, i'm ready to see rfc1918 filters deployed...
Why does BIND forward lookups for RFC1918 addresses by default? Why isn't the default not to forward RFC1918 addresses (and martian addresses)? If a sysadmin is using BIND in a local network which uses RFC1918 addresses, those sysadmins can change their configuration?

There was actually a very interesting discussion about this very topic regarding the proposed new ULA addresses at the ipv6 working group at the last IETF meeting. This included a discussion about who should do the filtering, the routers or the DNS servers, etc. See the minutes below.

http://www1.ietf.org/mail-archive/web/ipv6/current/msg04554.html

The IESG basically rejected this draft because of the issues of DNS queries for 1918 space. They were looking for stronger language to deal with the issue we currently see with 1918 queries.

http://www.ietf.org/internet-drafts/draft-ietf-ipv6-unique-local-addr-09.txt

Andrew
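
As an added illustration of the filtering discussed in this thread (not part of the original messages and not BIND's own code), the sketch below derives the reverse zones that cover RFC1918 space and decides whether a PTR query name should be answered locally instead of being forwarded. The function names and sample query names are constructed for the example; martian ranges are not covered.

```python
import ipaddress

# RFC 1918 private ranges; the thread is about reverse (PTR) lookups
# for these addresses being forwarded to the public DNS.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zones(net):
    """Return the octet-aligned in-addr.arpa zones that cover `net`.

    Reverse delegation follows octet boundaries, so 172.16.0.0/12 has no
    single zone: it expands to 16.172 ... 31.172.in-addr.arpa.
    """
    octets = -(-net.prefixlen // 8)  # round prefix up to a whole octet
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


# Zones a resolver would serve locally (hypothetical name for this example).
LOCAL_ZONES = [z for n in RFC1918 for z in reverse_zones(n)]


def should_answer_locally(qname):
    """True if `qname` is at or below an RFC 1918 reverse zone."""
    name = qname.lower().rstrip(".")
    # Match on whole labels so 110.in-addr.arpa is not taken for 10.in-addr.arpa.
    return any(name == z or name.endswith("." + z) for z in LOCAL_ZONES)


if __name__ == "__main__":
    # Constructed sample query names.
    for q in ("1.0.0.10.in-addr.arpa.", "5.4.31.172.in-addr.arpa",
              "5.4.32.172.in-addr.arpa", "4.3.2.110.in-addr.arpa",
              "8.8.8.8.in-addr.arpa"):
        action = "answer locally" if should_answer_locally(q) else "forward"
        print(f"{q:28} {action}")
```
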