From owner-freebsd-stable  Thu Apr 22 14:44:29 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from GndRsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.4])
	by hub.freebsd.org (Postfix) with ESMTP id D0FC414D79
	for <stable@FreeBSD.ORG>; Thu, 22 Apr 1999 14:44:21 -0700 (PDT)
	(envelope-from rgrimes@GndRsh.aac.dev.com)
Received: (from rgrimes@localhost)
	by GndRsh.aac.dev.com (8.8.8/8.8.8) id OAA13107;
	Thu, 22 Apr 1999 14:41:11 -0700 (PDT)
	(envelope-from rgrimes)
From: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
Message-Id: <199904222141.OAA13107@GndRsh.aac.dev.com>
Subject: Re: netstat -r
In-Reply-To: <000001be8cf7$fb2eed80$021d85d1@whenever.youwant.to> from David Schwartz at "Apr 22, 99 12:40:31 pm"
To: davids@webmaster.com (David Schwartz)
Date: Thu, 22 Apr 1999 14:41:11 -0700 (PDT)
Cc: jcanon@comtechnologies.com, igor@physics.uiuc.edu,
	stable@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> 
> 	The problem will not 'clear up' in any reasonable sense of the word until
> you either:
> 
> 	1) Fix your nameserver so that it stops trying to resolve private IPs using
> the global Internet's DNS fabric, or
> 
> 	2) Fix your machines so that they no longer try to reverse resolve private
> IPs on name servers not configured to handle it.
> 
> 	So long as you are relying on private IP space to behave in a particular
> way on the global Internet, when there are no such guarantees, your
> configuration is broken. Private IPs are supposed to be quarrantined from
                                                          ^^^^^^^^^^^^^
> the global Internet.

Key word there!!  And please don't leak your IP's into the public internet
via your DNS.  So many sites let this stuff out it makes it a pain some
times to keep your own site clean:
thomson2# ndc dumpdb
Dumping Database
thomson2# grep 192.168 named_dump.db
irintsp1        134631  IN      A       192.168.1.100   ;Cr=auth [206.175.72.162]
thomson2# grep 172.16 named_dump.db
seaipsvcs       5003    IN      A       172.16.25.1     ;Cr=addtnl [198.114.171.109]
seadnsbkup      5003    IN      A       172.16.25.11    ;Cr=addtnl [198.114.171.109]
        134562  IN      A       172.16.0.9      ;NT=712 Cr=addtnl [206.175.72.162]
iri2    134562  IN      A       172.16.0.150    ;Cr=addtnl [206.175.72.162]
iri172  134562  IN      A       172.16.0.9      ;Cr=addtnl [206.175.72.162]
        67134   IN      A       172.16.12.1     ;Cr=addtnl [204.77.185.1]

And I don't even want to show you how much traffic tries to cross my borders with
either a source or destination address in the RFC1918 space, it just makes me sick...
I've even seen MX records pointing to unroutable space :-(

-- 
Rod Grimes - KD7CAX - (RWG25)                   rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc.                   Reliable computers for FreeBSD
http://www.aai.dnsmgr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message