Question: resolution of private IP addresses
Dear all,
I have a simple question regarding the resolution of hostnames with private IP addresses.
One of our corporate customers would like to (mis)use DNS to allow the resolution of intranet hosts. The customer operates its own global VPN but for operational reasons cannot install / manage local DNS in each and every one of its locations. Also, the customer does not want to operate a centralised intranet DNS service as the Internet connectivity, which is local in each country, in some of its remote locations would be severely affected (as DNS requests would take an inordinate amount of time).
I have tried to research this but could not find anything that would prevent the resolution to private IP addresses. The main concern is that ISPs would filter out their DNS cache to prevent this.
Any comments?
Best regards,
Greg Cipollone
Technical Director
***************************************************************
Twinwave Intranet und Internet Services GmbH
Schmidtstr. 51, 60326 Frankfurt
Tel.: +49-69-75 086-0, Fax: +49-69-75 086-555
E-Mail: g.cipollone@twinwave.net
Website: http://www.twinwave.net
***************************************************************
Greg,
It is not 100% clear what you are proposing to do. Personally I think your arguments for not running split DNS sound a bit weak to me.
If you are proposing to put A RRs with RFC1918 addresses in the Internet DNS tree, I advise strongly against that. RFC1918 says:
"Indirect references to such addresses should be contained within the enterprise. Prominent examples of such references are DNS Resource Records and other information referring to internal private addresses. In particular, Internet service providers should take measures to prevent such leakage."
...
"If an enterprise uses the private address space, or a mix of private and public address spaces, then DNS clients outside of the enterprise should not see addresses in the private address space used by the enterprise, since these addresses would be ambiguous."
Also note that many applications need correct reverse mapping from addresses to names, which can only be solved by local "split" DNS.
Regards
Daniel
At 03:23 PM 1/16/2002, you wrote:
Dear all,
I have a simple question regarding the resolution of hostnames with private IP addresses.
One of our corporate customers would like to (mis)use DNS to allow the resolution of intranet hosts. The customer operates its own global VPN but for operational reasons cannot install / manage local DNS in each and every one of its locations. Also, the customer does not want to operate a centralised intranet DNS service as the Internet connectivity, which is local in each country, in some of its remote locations would be severely affected (as DNS requests would take an inordinate amount of time).
I have tried to research this but could not find anything that would prevent the resolution to private IP addresses. The main concern is that ISPs would filter out their DNS cache to prevent this.
Any comments?
Best regards,
Greg Cipollone
Technical Director
***************************************************************
Twinwave Intranet und Internet Services GmbH
Schmidtstr. 51, 60326 Frankfurt
Tel.: +49-69-75 086-0, Fax: +49-69-75 086-555
E-Mail: g.cipollone@twinwave.net
Website: http://www.twinwave.net
***************************************************************
If you are proposing to put A RRs with RFC1918 addresses in the Internet DNS tree, I advise strongly against that. RFC1918 says:
greg might also look at draft-ietf-dnsop-dontpublish-unreachable-02.txt
randy
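An added example, not part of the original thread: a small audit that flags A records with RFC 1918 addresses in a zone meant for the public DNS tree, which is the leakage the RFC 1918 text quoted in the thread warns against. The zone contents, the names and the simplified one-record-per-line parsing are assumptions made for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a publicly served zone; every name and address is made up.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA ns1 hostmaster 2002011601 7200 3600 1209600 3600
@        IN NS  ns1
ns1      IN A   192.0.2.53
www      300 IN A 192.0.2.80
intranet IN A   10.20.30.40      ; internal host leaked into the public zone
fileserv A      172.16.5.9
printer  IN A   192.168.1.200
edge     IN A   172.32.0.1       ; just outside 172.16.0.0/12, so public
"""

def find_private_a_records(zone_text):
    """Return (owner, address) for each A record that lies in RFC 1918 space.

    Assumes one record per line with optional TTL and class; multi-line
    records in parentheses are not handled.
    """
    hits, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # strip zone-file comments
        if not line.strip() or line.startswith("$"):
            continue                               # blank line or $ directive
        fields = line.split()
        if not raw[0].isspace():                   # leading blank = same owner
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # skip optional TTL / class
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue                               # malformed rdata, not our concern
        if any(addr in net for net in RFC1918_NETS):
            hits.append((owner, str(addr)))
    return hits

if __name__ == "__main__":
    for name, addr in find_private_a_records(SAMPLE_ZONE):
        print(f"{name}: A {addr} is RFC 1918 space; serve it from an internal view only")
```

Run against the zone file that is actually delegated on the Internet, such a check catches internal records before they are published; the internal half of a split DNS setup is where those names belong.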
participants (3)
- Daniel Karrenberg
- Greg Cipollone
- Randy Bush