private address 192.168.x.x or 10.x.x.x on a public dns

John Wobus jw354 at cornell.edu
Mon Apr 28 21:48:19 UTC 2008


I know that what you are asking for is a citation from an RFC or other
well-accepted best-practices document, and I don't have that, but I'll
add my comments.

There's a security issue.  If your engineering department's client uses
that name at some remote site (e.g., at home), then a server
at that remote site that has address 192.168.99.154 would respond.
Then, the client is talking to a different server than intended.
How much danger this entails to your engineering department
depends upon the specifics of the app.

Also, someone who legitimately uses that address at the
remote site might devote resources toward investigating the
unexplained probing of their host.

John Wobus

On Apr 25, 2008, at 4:39 AM, roger wrote:

> Hello,
>
> I am trying to find some information that I already believe to be
> true.
>
> I believe: You shouldn't configure a DNS, that answers queries to the
> internet, with a host that will point to a private address.
>
>
> Our engineering department wants me to do the following:
>
> host      IN       A     192.168.99.154
>
> on a nameserver that answers queries to the internet.
>
>
> I feel this is wrong, I think this is not allowed, but I can not find
> the RFC, book, internet article that will support my claim. My google-
> foo has failed me. Can anyone lend a helping hand, or if someone can
> lead me to documentation that says it is ok to do so would also be
> helpful.
>
> Best Regards,
> Roger Murray
>
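
Added example, not part of the original messages: a pre-publication check that flags A records in a zone file whose addresses fall in RFC 1918 private space, the situation discussed in this thread. The function name, the simplified zone parsing and the sample zone are assumptions made for illustration; it also covers 172.16.0.0/12, the third RFC 1918 range, which the thread does not mention.

```python
import ipaddress

# RFC 1918 private ranges. The thread names 192.168.x.x and 10.x.x.x;
# 172.16.0.0/12 is the third range reserved by the same RFC.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_private_a_records(zone_text):
    """Return (line_number, owner, address) for each A record in RFC 1918 space.

    Simplified master-file parsing (an assumption of this example): one record
    per line, ';' starts a comment, a line starting with whitespace inherits
    the previous owner name, TTL and class are optional.
    """
    findings = []
    last_owner = None
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue  # blank line, comment, or $ORIGIN/$TTL directive
        tokens = line.split()
        if line[0].isspace():
            owner = last_owner
        else:
            owner, tokens = tokens[0], tokens[1:]
            last_owner = owner
        # Skip the optional TTL (starts with a digit) and class fields.
        while tokens and (tokens[0].upper() == "IN" or tokens[0][0].isdigit()):
            tokens = tokens[1:]
        if len(tokens) < 2 or tokens[0].upper() != "A":
            continue
        try:
            addr = ipaddress.IPv4Address(tokens[1])
        except ValueError:
            continue  # malformed address; leave that to the zone checker
        if any(addr in net for net in RFC1918):
            findings.append((lineno, owner, str(addr)))
    return findings

# Constructed sample zone; only the "host" record comes from the thread.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN SOA ns1.example.com. hostmaster.example.com. (
            2008042801 3600 900 604800 3600 )
        IN NS  ns1.example.com.
ns1     IN A   192.0.2.53
www     300 IN A 192.0.2.80
host    IN A   192.168.99.154   ; the record from the thread
build   IN A   10.1.2.3
        IN A   172.16.5.9       ; owner inherited from previous line
mail    IN A   172.32.0.1       ; just outside 172.16.0.0/12
"""

if __name__ == "__main__":
    for lineno, owner, addr in find_private_a_records(SAMPLE_ZONE):
        print(f"line {lineno}: {owner} -> {addr} is RFC 1918 private space")
```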


