[H-GEN] RFC-1918 : Class C Networks.

Jim Clark jim at logique.com.au
Tue Sep 6 21:25:08 EDT 2005


Greg Black wrote:

>On 2005-09-07, Edwin Groothuis wrote:
>
>>On Wed, Sep 07, 2005 at 11:02:41AM +1000, Greg Black wrote:
>>
>>>The correct solution is to have the internal addresses given out
>>>to internal hosts and for lookups from outside to get failures.
>>>Handing out inaccessible addresses in response to queries is
>>>just wrong.
>>
>>No it's not.
>
>Yes it is.
>
>>Imagine this:
>>
>>- External user tries to connect to internal webserver.
>>- DNS server returns NXDOMAIN. Entry stays in DNS server for its
>>  TTL. User has it also cached on his computer.
>>- External user thinks "I'm an idiot, I forgot to set up my VPN"
>>- External user becomes internal user and tries to access the
>>  internal webserver.
>>- DNS cache says "NXDOMAIN".
>
>External user has set up her system to use the wrong DNS cache in
>that case.  Part of setting up the VPN would involve updating
>/etc/resolv.conf appropriately.  And then the so-called problem
>goes away.
>
>It is, as I said, a matter of understanding how things work and
>then doing things the right way.
>
>>Yes yes, it's all theoretical[sp] and stuff, but we live in a gray
>>world where sometimes things are right and sometimes the same things
>>are wrong.
>
>That may be partly true, but it's certainly not the case in the
>situation we're discussing here.

Thanks Guys.

The last thing I intended was to start a flame war :)

I had thought what I was seeing was wrong, and in fact what Greg has
suggested as the correct approach is exactly the way I have configured
my systems.
I went and asked the question before my first morning coffee... I should
know better! :-)

-- 
Cheers,
Jim.
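
An added example, not part of the original post or of any poster's configuration: a check that scans the zone data served to outside resolvers for A records pointing into the three RFC 1918 blocks, and reports each record's TTL, since that is how long a cache will hold the answer. The zone text, host names and the function name find_rfc1918_records are constructed for illustration, and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

# The three address blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an externally served zone (all names/addresses made up).
SAMPLE_EXTERNAL_ZONE = """\
$ORIGIN example.com.
$TTL 3600
www        IN A       203.0.113.10
intranet   300 IN A   192.168.1.20   ; internal-only host
build      IN A       172.16.5.4
edge       IN A       172.32.0.1     ; just outside 172.16.0.0/12
mail       IN MX      10 mx.example.com.
db         86400 IN A 10.1.2.3
"""

def find_rfc1918_records(zone_text):
    """Return (owner, ttl, address) for each A record inside RFC 1918 space.

    Assumption: simplified zone syntax, "owner [ttl] [IN] A address", one
    record per line; inherited owners and multi-line records are not handled.
    """
    default_ttl = None
    hits = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        if fields[0].startswith("$"):           # $ORIGIN and other directives
            continue
        owner, rest, ttl = fields[0], fields[1:], default_ttl
        if rest and rest[0].isdigit():          # per-record TTL override
            ttl, rest = int(rest[0]), rest[1:]
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        if len(rest) != 2 or rest[0].upper() != "A":
            continue                            # only A records matter here
        addr = ipaddress.ip_address(rest[1])
        if any(addr in net for net in RFC1918):
            hits.append((owner, ttl, str(addr)))
    return hits

if __name__ == "__main__":
    for owner, ttl, addr in find_rfc1918_records(SAMPLE_EXTERNAL_ZONE):
        print(f"{owner}: {addr} is RFC 1918 space, cacheable for {ttl}s")
```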






