From owner-freebsd-stable Thu Apr 22 14:12:53 1999
From: "David Schwartz"
To: "Jason Canon"
Cc: "Igor Roshchin"
Subject: RE: netstat -r
Date: Thu, 22 Apr 1999 14:10:00 -0700
Message-ID: <000201be8d04$7b81ead0$021d85d1@whenever.youwant.to>
In-Reply-To: <371F8E10.F57F11A@comtechnologies.com>

> Ok,
>
> I have to concede that it is impossible to argue scientifically
> against with a position that says "It was working by pure luck...".
> Either you forgot that the Internet ran for about a decade before DNS
> came along or perhaps the word "newby" (as in you were not around
> then) may be applicable.

Umm, no I was there actually.

> Otherwise, perhaps you can quote the applicable RFC and/or BSD
> documentation that supports your assertion that it is a requirement
> that networks operate a private DNS server.

Gladly. RFC1597 states:

    Because private addresses have no global meaning, routing
    information about private networks shall not be propagated on
    inter-enterprise links, and packets with private source or
    destination addresses should not be forwarded across such links.
    Routers in networks not using private address space, especially
    those of Internet service providers, are expected to be configured
    to reject (filter out) routing information about private networks.
    If such a router receives such information the rejection shall not
    be treated as a routing protocol error.

    Indirect references to such addresses should be contained within
    the enterprise. Prominent examples of such references are DNS
    Resource Records and other information referring to internal
    private addresses. In particular, Internet service providers
    should take measures to prevent such leakage.

Read over the second paragraph a few times until you understand it. I'll wait.

> Agreeably, the configuration requirements, for those who choose to
> run DNS, for both public gateway and private network domains is
> widely known so all you need to cite is the standard that says
> /etc/hosts is insufficient because (x).

I'm not saying there's any such requirement. I'm simply saying that it's erroneous to rely upon private IPs resolving or not resolving in any particular way on the global Internet.

I will repeat, it is an error to use private IPs in any way on the global Internet. That includes attempting to resolve them using the Internet's DNS system. They are supposed to be quarantined. If you choose to use DNS and you choose to use private address space, you are supposed to make sure they don't conflict.

David Schwartz
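
Added example, not part of the original message: one way to check a publicly served zone for the leakage the quoted RFC1597 paragraph describes, by flagging A and PTR records that refer to the RFC's three private blocks. The function names and the sample zone are constructed for illustration, and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

# Private blocks reserved by RFC 1597 (the three ranges the RFC defines).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if the address string lies in an RFC 1597 private block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def ptr_owner_to_ip(owner):
    """'5.1.168.192.in-addr.arpa.' -> '192.168.1.5'; None unless a full IPv4 PTR name."""
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    octets = labels[3::-1]                      # reverse the four address labels
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(octets)

def find_private_leaks(zone_text):
    """Return (line_no, owner, rtype, address) for A/PTR records exposing private IPs."""
    leaks = []
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # drop trailing comment
        if len(fields) < 3 or fields[0].startswith("$"):
            continue                            # blank line or directive
        # Skip optional TTL and class; the next token is the record type.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue
        owner, rtype, rdata = fields[0], rest[0].upper(), rest[1]
        addr = rdata if rtype == "A" else ptr_owner_to_ip(owner) if rtype == "PTR" else None
        try:
            if addr and is_private(addr):
                leaks.append((line_no, owner, rtype, addr))
        except ValueError:
            pass                                # A rdata that is not an address
    return leaks

# Constructed sample zone data; names and addresses are illustrative only.
SAMPLE_ZONE = """\
$ORIGIN example.com.
www.example.com.      3600 IN A   203.0.113.10   ; public (documentation range)
intranet.example.com. 3600 IN A   10.1.2.3
build.example.com.         IN A   172.20.0.7
edge.example.com.          IN A   172.32.0.1     ; just outside 172.16/12
5.1.168.192.in-addr.arpa.  IN PTR printer.example.com.
10.113.0.203.in-addr.arpa. IN PTR www.example.com.
"""

if __name__ == "__main__":
    for leak in find_private_leaks(SAMPLE_ZONE):
        print("private address in public zone: line %d %s %s %s" % leak)
```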