User wanting to use a .local domain to host DNS

Novosielski, Ryan novosirj at umdnj.edu
Thu Nov 15 16:39:31 UTC 2012


On 11/15/2012 11:36 AM, btb wrote:
> On 2012.11.15 10.14, Novosielski, Ryan wrote:
>>> Failing to operate a private TLD correctly is causing internal 
>>> data leaking to the Internet, which could be a security risk
>>> but in all cases is a burden on the root server system.
>> 
>> Not that I think that I'm doing this (and as I'd said, the only
>> place I use this is at home on a NAT'd network where there is no
>> public DNS at all), but what are some common ways to let this
>> happen if you happen to know?
> 
> a nat'd network is a prime example of exactly the sort of place
> this kind of thing happens.  what it usually boils down to is non
> public namespace being used [be it invented tlds or
> rfc1918/5735/etc address space] with no nameserver on the local
> network with those zones configured as authoritative.

Great, thanks, sounds like I'm covered then (I have BIND running
authoritative for my zone on the firewall/NAT machine only accepting
queries from my local 1918 addresses) and DHCP providing its address
as the nameserver.

-- 
---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
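
The condition described in the thread (private namespace in use with no local nameserver authoritative for it) can be checked from a resolver's query log. The following is an added example, not part of the original message or of BIND: the log lines are constructed, and the zone names, the list of invented TLDs and the function names are assumptions for illustration.

```python
import re

# Reverse zones for RFC 1918 space: 10/8, 172.16/12, 192.168/16.
RFC1918_REVERSE = (["10.in-addr.arpa", "168.192.in-addr.arpa"]
                   + [f"{n}.172.in-addr.arpa" for n in range(16, 32)])
# Assumption: invented TLDs to watch for; adjust to the names used on site.
PRIVATE_TLDS = {"local", "lan", "home", "corp", "internal"}

QUERY_RE = re.compile(r"query: (\S+) IN (\S+)")


def in_zone(name, zone):
    """True if name equals zone or sits below it (match on a label boundary)."""
    return name == zone or name.endswith("." + zone)


def is_private(name):
    """True for non-public namespace: invented TLD or RFC 1918 reverse name."""
    if name.rsplit(".", 1)[-1] in PRIVATE_TLDS:
        return True
    return any(in_zone(name, z) for z in RFC1918_REVERSE)


def leaking_queries(log_lines, local_zones):
    """Return (name, type) for private names no local authoritative zone covers."""
    zones = [z.lower().rstrip(".") for z in local_zones]
    leaks = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")
        if is_private(name) and not any(in_zone(name, z) for z in zones):
            leaks.append((name, m.group(2)))
    return leaks


# Constructed sample lines in the style of a BIND query log.
SAMPLE_LOG = [
    "client 192.168.1.10#53123: query: nas.home.local IN A + (192.168.1.1)",
    "client 192.168.1.10#53124: query: printer.corp IN A + (192.168.1.1)",
    "client 192.168.1.11#40001: query: 5.1.168.192.in-addr.arpa IN PTR + (192.168.1.1)",
    "client 192.168.1.11#40002: query: 7.0.0.10.in-addr.arpa IN PTR + (192.168.1.1)",
    "client 192.168.1.12#40003: query: www.isc.org IN AAAA + (192.168.1.1)",
]
LOCAL_ZONES = ["home.local", "168.192.in-addr.arpa"]  # hypothetical zone names

if __name__ == "__main__":
    for name, qtype in leaking_queries(SAMPLE_LOG, LOCAL_ZONES):
        print(f"not answered locally, would go upstream: {name} {qtype}")
```

Names it reports are candidates for a local authoritative zone; a resolver that already answers them some other way (for example with empty zones for RFC 1918 reverse space) would not actually send them upstream.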




More information about the bind-users mailing list