On Wed, 6 Apr 2005, Eric A. Hall wrote:
> On 4/6/2005 5:00 PM, Sean Donelan wrote:
>> Why does BIND forward lookups for RFC1918 addresses by default?
>
> As has been pointed out already, caches need to be able to ask other (local) servers for the PTRs.
>
> OTOH, it might make a good feature (and eventually maybe a BCP) to block PTR queries for 1918 space from going to the roots and TLD servers.

I added something like this to our binds that handle recursive queries. Is there any reason distros (or ISC) couldn't make this a part of the "default config"?

    zone "168.192.in-addr.arpa" { type master; file "sink"; };
    zone "10.in-addr.arpa" { type master; file "sink"; };
    ... other similar zones clipped

sink is just

    @       IN      SOA     localhost. root.localhost.  (
                            2002100800 ; Serial
                            28800      ; Refresh
                            14400      ; Retry
                            3600000    ; Expire
                            86400 )    ; Minimum
            IN      NS      localhost.
    *       PTR     invalid

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
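
The message above shows two sink zones and clips the rest. As an added example (not part of the original post or of the poster's configuration), the Python below derives the octet-aligned in-addr.arpa zones that cover the three RFC 1918 blocks, emits stanzas in the same form as the post's, and checks whether a PTR query name falls in that space. The function names and the sample query names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample query names, not taken from any real log.
SAMPLE_QUERIES = ["5.1.168.192.in-addr.arpa.", "9.0.20.172.in-addr.arpa",
                  "1.0.32.172.in-addr.arpa", "8.8.8.8.in-addr.arpa"]


def reverse_zones(net):
    """Return the octet-aligned in-addr.arpa zones that cover net."""
    # Reverse DNS delegates on octet boundaries, so round the prefix
    # length up to a multiple of 8 (a /12 becomes sixteen /16 zones).
    target = -(-net.prefixlen // 8) * 8
    zones = []
    for sub in net.subnets(new_prefix=target):
        octets = str(sub.network_address).split(".")[: target // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def sink_zone_names():
    return [z for net in RFC1918 for z in reverse_zones(net)]


def named_conf(sink_file="sink"):
    """Render zone stanzas in the same form as the ones in the post."""
    return "\n".join('zone "%s" { type master; file "%s"; };' % (z, sink_file)
                     for z in sink_zone_names())


def is_rfc1918_ptr(qname):
    """True if qname is a full IPv4 PTR name inside RFC 1918 space."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return False
    try:
        addr = ipaddress.ip_address(".".join(reversed(labels[:4])))
    except ValueError:  # non-numeric or out-of-range octets
        return False
    return any(addr in net for net in RFC1918)


if __name__ == "__main__":
    print(named_conf())
    for q in SAMPLE_QUERIES:
        print(q, "sunk locally" if is_rfc1918_ptr(q) else "resolved normally")
```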