[Q] BIND secondary on RedHat 7.1

Simon Waters Simon at wretched.demon.co.uk
Tue Oct 9 23:31:25 UTC 2001

Bill Manning wrote:
>         Yo, pawprint.  You do realize that you have a false sense
>         of privacy here don't you?  Think of how many people use
>         the prefix  Its huge. Hugely Huge.  And since
>         many providers actually route RFC 1918 prefixes internal to
>         their own networks, (like RoadRunner... :)  you have just
>         "opened your kimono" to anyone/everyone inside the rr.com
>         network to query & transfer your zones.  This may not have
>         been what you expected.

If the 192.168 network is local, they won't have a route for it
back to the source, routing is not symmetrical, so replies will
never make it back.

Even if such a route existed, allowing such spoofed packets
would be a major security flaw in the set up, and competent
firewall or router config would stop this.

If your ISP routes RFC1918 packets into your network, or allowed
source routing you probably have the wrong ISP anyway.

Although posters should take the general point, hackers aren't
above reading deja.com and asking a few search engines about you
before starting to hack, so make sure you don't post anything
that your security policy doesn't allow.

On the opposite side, when asking about Internet connected DNS
servers please specify the correct domain names, and IP

Are you using the Internet to best effect ? www.eighth-layer.com
Tel: +44(0)1395 232769      ICQ: 116952768
Moderated discussion of teleworking at news:uk.business.telework

More information about the bind-users mailing list