[CentOS] Split dns issues

Mon Aug 3 04:36:41 UTC 2009
Les Mikesell <lesmikesell at gmail.com>

Drew wrote:
>> It's a bit of bad form to use NAT and private addresses at all because the
>> internet really wasn't designed to be segmented, but everyone does it.
> 
> Why is NAT bad form?

I don't mean to imply it shouldn't be used - it is pretty much a necessary evil 
now, but it doesn't fit the original IP design very well.

> From my standpoint as an admin, private IP's & NAT are another tool to
> help secure my network. You can't attack what you can't see and even a
> misconfigured router or firewall won't expose my network to prying
> eyes.
> 

There are small problems like often needing split DNS, not being able to offer 
public services easily, not being able to track the source addresses 
meaningfully in logs, etc., but the real killer comes when your large 
organization merges with another using the same private address range and you 
need to connect the networks.

-- 
   Les Mikesell
    lesmikesell at gmail.com