[CentOS] Split dns issues

Mon Aug 3 22:47:51 UTC 2009
Robert Spangler <mlists at zoominternet.net>

On Monday 03 August 2009 00:36, Les Mikesell wrote:

>  Drew wrote:
>  >> It's a bit of bad form to use NAT and private addresses at all because
>  >> the internet really wasn't designed to be segmented, but everyone does
>  >> it.
>  >
>  > Why is NAT bad form?
>
>  I don't mean to imply it shouldn't be used - it is pretty much a necessary
> evil now, but it doesn't fit the original IP design very well.
>
>  >>From my standpoint as an admin, private IP's & NAT are another tool to
>  >
>  > help secure my network. You can't attack what you can't see and even a
>  > misconfigured router or firewall won't expose my network to prying
>  > eyes.
>
>  There are small problems like often needing split DNS, not being able to
> offer public services easily, not being able to track the source addresses
> meaningfully in logs, etc., but the real killer comes when your large

Say what?  How do you figure this?  Unless you are not NAT'ing correctly.  
When NAT'ing only the destination address is changes and on the outbound only 
the source address is changed.  So if you are logging you should still see 
the ip addresses.

> organization merges with another using the same private address range and
> you need to connect the networks.

This can be worked around and has on many occasions at the office.  The bigger 
problem is when you are just partnering with another company using the same 
range.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org