Michel Py wrote:

> > Keith Moore wrote:
> > great. now we'll have NAT boxes intercepting
> > outgoing DNS traffic also.
>
> That was not my point. My point was to have a DNS server in the inside
> configured for reverse lookup of private IPs. What you mention would
> help though.

Which most people already have when configuring their local network as they set up a local DNS server. Usually NAT boxes also include a DNS server btw. Even my Alcatel Speedtouch *adsl modem* has one. But I gladly use a much easier to configure bind of course ;)

People not configuring these DNS servers usually use their ISP's DNS servers and these should comply with AS112 standards, aka serve empty versions of the rfc1918 zones and make themselves authoritative. Afaik the latest bind distributions include at least setup examples for rfc1918 addresses.

Shouldn't there be a BCP for such cases? Aka that ISPs should have rfc1918/localhost/169.254.x.x zones in the DNS servers that face their customers?

Greets,
 Jeroen

Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/
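An added example, not part of the original message: it derives the reverse zones for the rfc1918/localhost/169.254.x.x blocks named above, emits BIND zone statements that make a customer-facing server authoritative for them, and flags forwarded PTR names that such a server should have answered itself. The zone file name `db.empty` and the sample query names are assumptions constructed for illustration.

```python
import ipaddress

# Blocks named in the message: rfc1918, localhost and 169.254.x.x.
LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def reverse_zones(net):
    """in-addr.arpa zones, cut on octet boundaries, that cover an IPv4 block."""
    zone_len = -(-net.prefixlen // 8) * 8  # round prefix up to a whole octet
    subs = [net] if zone_len == net.prefixlen else net.subnets(new_prefix=zone_len)
    zones = []
    for sub in subs:
        labels = str(sub.network_address).split(".")[: zone_len // 8]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

LOCAL_ZONES = [z for n in LOCAL_BLOCKS for z in reverse_zones(n)]

def named_conf(zone_file="db.empty"):
    """BIND zone statements making the server authoritative for each zone.
    zone_file is an assumed name for an empty zone file (SOA and NS only)."""
    return "\n".join(
        'zone "%s" { type master; file "%s"; };' % (z, zone_file)
        for z in LOCAL_ZONES)

def local_zone_for(qname):
    """Zone from LOCAL_ZONES that a query name falls under, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in LOCAL_ZONES:
            return candidate
    return None

# Constructed sample: query names a resolver forwarded upstream.
SAMPLE_FORWARDED = [
    "4.3.2.10.in-addr.arpa.", "1.0.20.172.in-addr.arpa",
    "1.0.32.172.in-addr.arpa", "8.8.8.8.in-addr.arpa",
    "77.1.254.169.in-addr.arpa", "1.0.0.127.in-addr.arpa",
    "5.1.168.192.in-addr.arpa", "www.example.com"]

def leaked(qnames):
    """Names that left the network although a local zone should answer them."""
    return [q for q in qnames if local_zone_for(q)]

if __name__ == "__main__":
    print(named_conf())
    print(leaked(SAMPLE_FORWARDED))
```

Note that 172.16.0.0/12 does not fall on an octet boundary, so it expands into sixteen separate zones (16.172.in-addr.arpa through 31.172.in-addr.arpa).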