[CentOS] Split dns issues
Les Mikesell
lesmikesell at gmail.com
Mon Aug 3 04:36:41 UTC 2009
Drew wrote:
>> It's a bit of bad form to use NAT and private addresses at all because the
>> internet really wasn't designed to be segmented, but everyone does it.
>
> Why is NAT bad form?
I don't mean to imply it shouldn't be used - it is pretty much a necessary evil
now, but it doesn't fit the original IP design very well.
>>From my standpoint as an admin, private IP's & NAT are another tool to
> help secure my network. You can't attack what you can't see and even a
> misconfigured router or firewall won't expose my network to prying
> eyes.
>
There are small problems like often needing split DNS, not being able to offer
public services easily, not being able to track the source addresses
meaningfully in logs, etc., but the real killer comes when your large
organization merges with another using the same private address range and you
need to connect the networks.
--
Les Mikesell
lesmikesell at gmail.com
More information about the CentOS
mailing list