[Soekris] [OT] DNS Non-delegated local domain behind NATed firewall
Trevor Talbot
quension at mac.com
Fri Oct 20 20:27:28 UTC 2006
On Oct 20, 2006, at 9:59 AM, The Fungi wrote:
>> Is there any clear policy or guideline on this topic? I've looked for
>> an RFC about this subject, but there doesn't seem to be one. What is
>> the safest option for domain naming behind a NAT box?
>
> There are somewhat complex split-horizon techniques you can employ
> (BIND views, multiple daemons, et cetera) to serve different DNS
> records for the same zones to different clients, but this is well
> beyond the scope of what it sounds like you need. Since nobody outside
> your internal network will ever be querying your nameserver for any
> legitimate reason anyway, you can serve whatever you want from it. The
> most common technique that should cause you the least grief is to use
> a domain that you own and control yourself, or one that does not and
> is unlikely to ever exist (by using a bogus TLD like .local or
> .yourname or whatever). As for an IETF RFC, I think you're looking for
> 2606:
I would also recommend avoiding .local, as it's used by zeroconf.
Enough systems/devices are appearing with support for it that you'll
probably run into it sooner or later.

I'm using .internal myself.