Re: DNS resolver resolves LAN IPs

To: Michael van Elst <mlelstv%serpens.de@localhost>
Subject: Re: DNS resolver resolves LAN IPs
From: Chavdar Ivanov <ci4ic4%gmail.com@localhost>
Date: Thu, 20 Feb 2025 10:23:38 +0000

On Thu, 20 Feb 2025 at 06:51, Michael van Elst <mlelstv%serpens.de@localhost> wrote:
>
> ps%softinengines.com@localhost (Peter Skvarka) writes:
>
> >If I understand good your answer, the only way how to disallow resolver
> >to query reverse translation for target private IP is to deploy DNS
> >service for machines with private IPs ?
>
> Programs (like ping without the -n option) want to resolve IP addresses
> and they will do it in the way you have configured name resolution.
>
> There is no way to make arbitrary programs do that selectively for
> particular IP addresses. The programs would need to filter themselves,
> and very few do.
>
> So, if you do not want to query a public DNS server for private IPs,
> you need to provide a local name resolution method instead.
>
>
> Usually, that's not a problem. The systems exist in a private (RFC1918)
> network and some router or other dedicated system assigns addresses via
> DHCP and also provides a DNS service.
>
> Another popular setup is to run a local DNS service on each machine
> that intercepts queries to private IPs. You can do that with the
> provided 'named' and 'unbound' programs.

It seems to me this is a trivial matter which has taken way too much time...

I've never bothered much with named, but one can setup unbound in
about ten minutes. Almost eight years ago I did this on a Raspberry PI
- the original model B - just for fun, on a NetBSD-current - 8.99.2 at
the time -system. It is still running and is a main caching DNS
resolver on my home network (using the same SD card...).

>
> A simple, but less versatile, method is to just put information
> for private IPs into each /etc/hosts file.
>
> The least versatile, but even simpler, method is to not configure
> a resolver at all and rely on /etc/hosts only.
>
> If you are used to MacOS, you probably also know "Bonjour". This
> includes a multicast-DNS system for resolving local names. NetBSD
> also supports this with the 'mdnsd' service. But then you probably
> want all your systems to use multicast-DNS.
>


-- 
----

References:
- Re: DNS resolver resolves LAN IPs
  - From: Greg Troxel
- Re: DNS resolver resolves LAN IPs
  - From: Peter Skvarka
- Re: DNS resolver resolves LAN IPs
  - From: Greg Troxel
- Re: DNS resolver resolves LAN IPs
  - From: Peter Skvarka
- Re: DNS resolver resolves LAN IPs
  - From: Michael van Elst

Prev by Date: Re: Issues with trickle
Next by Date: Re: DNS resolver resolves LAN IPs
Previous by Thread: Re: DNS resolver resolves LAN IPs
Next by Thread: Issues with trickle
Indexes:

Home | Main Index | Thread Index | Old Index