NetBSD-Users archive
Re: DNS resolver resolves LAN IPs
ps%softinengines.com@localhost (Peter Skvarka) writes:
>If I understand your answer correctly, the only way to prevent the resolver
>from querying the reverse translation for a target private IP is to deploy
>a DNS service for machines with private IPs?

Programs (like ping without the -n option) want to resolve IP addresses
and they will do it in the way you have configured name resolution.
There is no way to make arbitrary programs do that selectively for
particular IP addresses. The programs would need to filter themselves,
and very few do.

So, if you do not want to query a public DNS server for private IPs,
you need to provide a local name resolution method instead.

Usually, that's not a problem. The systems exist in a private (RFC1918)
network and some router or other dedicated system assigns addresses via
DHCP and also provides a DNS service.

Another popular setup is to run a local DNS service on each machine
that intercepts queries to private IPs. You can do that with the
provided 'named' and 'unbound' programs.

A simple, but less versatile, method is to just put information
for private IPs into each /etc/hosts file.

The least versatile, but even simpler, method is to not configure
a resolver at all and rely on /etc/hosts only.

If you are used to MacOS, you probably also know "Bonjour". This
includes a multicast-DNS system for resolving local names. NetBSD
also supports this with the 'mdnsd' service. But then you probably
want all your systems to use multicast-DNS.
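
The local-resolver setup described in the message above, as an added example that is not part of the original post: this script reads hosts(5)-format text and emits unbound.conf `local-zone` / `local-data-ptr` lines for the RFC 1918 entries only, so reverse lookups for those addresses are answered locally instead of being sent to a public DNS server. The host names and addresses in `SAMPLE_HOSTS` are constructed, and the function names are hypothetical.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zone(addr):
    """Return the in-addr.arpa zone covering an RFC 1918 address, else None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # not an IP address at all
    if ip.version != 4 or not any(ip in net for net in RFC1918):
        return None  # public, loopback or IPv6: leave to normal resolution
    a, b = str(ip).split(".")[:2]
    # 10/8 is a single zone; the other two blocks split on the second octet.
    return "10.in-addr.arpa." if a == "10" else f"{b}.{a}.in-addr.arpa."


def unbound_fragment(hosts_text):
    """Build unbound.conf 'server:' lines from hosts(5)-format text."""
    zones, ptrs = set(), []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        zone = reverse_zone(fields[0])
        if zone is None:
            continue
        zones.add(zone)
        # Only the first (canonical) name is used for the PTR record.
        ptrs.append(f'    local-data-ptr: "{fields[0]} {fields[1]}"')
    # 'static': answer from local data, NXDOMAIN otherwise, never forward.
    out = ["server:"]
    out += [f'    local-zone: "{z}" static' for z in sorted(zones)]
    return "\n".join(out + ptrs)


# Constructed sample input.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
192.168.1.10  nas.home.example   nas   # file server
10.0.0.5      build.home.example
172.20.3.4    lab.home.example
203.0.113.7   public.example
"""

if __name__ == "__main__":
    print(unbound_fragment(SAMPLE_HOSTS))
```

The same hosts entries can be kept in /etc/hosts as well, which covers the simpler method mentioned in the message.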