
Re: "Behind firewalls"



I guess I'd say such hosts should convert to globally unique IPv6
addresses real quick.  :-)

Donald

PS:  Seriously, I don't think it's a completely black and white situation.
A records that are not globally unique should not be globally advertised
but keep in mind this thread started not with the simple case of hiding
some local DNS at one site but trying to share hidden DNS between multiple
sites while still not making it globally visible.  That just seems like too
much of a kludge to me.


On Sun, 19 Nov 1995, Greg A. Woods wrote:

> [ On Mon, November 13, 1995 at 15:21:55 (-0500), Donald E. Eastlake wrote: ]
> > Subject: Re: "Behind firewalls" 
> >
> > I don't agree.  It would be nice to not need/have firewalls but I'd 
> > prefer to have everything visible in DNS even if it is not reachable. 
> 
> Would you also say that hosts using RFC-1597 private internet numbers
> behind firewalls that proxy everything should advertise their "hidden"
> hosts?  This would be contrary to 1597, section 3:
> 
>    Indirect references to such addresses should be contained within the
>    enterprise.  Prominent examples of such references are DNS Resource
>    Records and other information referring to internal private
>    addresses.  In particular, Internet service providers should take
>    measures to prevent such leakage.
> 
> My opinion is that DNS information should remain private for any host
> using a proxy gateway, regardless of the address space such a host lives
> in.
> 
> -- 
> 							Greg A. Woods
> 
> +1 416 443-1734			VE3TCP			robohack!woods
> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
> 

=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)