Great Circle Associates Firewalls
(September 1995)


Subject: regarding RFC1597 networks and DNS
From: "william.wells" <william . wells @ damark . com>
Date: Fri, 29 Sep 95 08:26:00 +6C
To: FIREWALLS <firewalls @ GreatCircle . COM>

>   Q) Is using RFC1597 addresses a good idea if I have the possibility?
>     Yes.  A) They're not routable from the internet adding a bit of
>      silly security, B) it conserves global routes (save the whales!) and
>      C) it generally allows one to design a more intelligent, concise
>      plan than to hodge podge /24 networks together.

If you are planning to use a firewall between your internal networks and the
Internet, then this makes extremely good sense. An application firewall will
readdress the packets on the way through anyway.

On a related topic, especially since DNS is the topic of late: is there a
standard which says that one is not supposed to advertise RFC1597 addresses
in one's Internet accessible DNS lists?  After all, resolving the name won't
provide an address which will go to the remote destination; if anything, you
might end up going to a system on your internal network....
   ex:     twiddle   IN  A

William Wells
Manager, Technical Support
Damark International, Inc
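
The question above concerns RFC1597 addresses showing up in an Internet-accessible zone. The following is an added example, not part of the original message: a small audit that scans the zone data served to the outside and reports every A record inside the three RFC 1597 blocks. The function name `private_a_records`, the sample zone and its host names are constructed for illustration, and the parser assumes one record per line in master-file format.

```python
import ipaddress

# The three blocks reserved for private internets by RFC 1597.
RFC1597_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an externally served zone (not from the original post).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 86400
@        IN  SOA ns1 hostmaster 1995092901 3600 900 604800 86400
@        IN  NS  ns1
ns1      IN  A   192.0.2.53
www      3600 IN A 192.0.2.80
build    IN  A   10.1.2.3        ; internal host leaked into public zone
         IN  A   172.16.40.7     ; blank owner: inherits "build"
printer  A   192.168.1.20
edge     IN  A   172.32.0.1      ; just outside 172.16/12, so public
mail     IN  MX  10 www
"""

def private_a_records(zone_text):
    """Return (owner, address) for every A record inside an RFC 1597 block."""
    findings = []
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop trailing comment
        if not line.strip() or line.lstrip().startswith("$"):
            continue                               # blank line or directive
        fields = line.split()
        # A line that starts with whitespace reuses the previous owner name.
        if not raw[0].isspace():
            owner = fields.pop(0)
        # Skip the optional TTL and class that may precede the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue                               # malformed address field
        if any(addr in net for net in RFC1597_NETS):
            findings.append((owner, str(addr)))
    return findings

if __name__ == "__main__":
    for owner, addr in private_a_records(SAMPLE_ZONE):
        print(f"{owner}\tA\t{addr}\tRFC 1597 address in public zone")
```

Running it against the zone file that the external name server actually loads, rather than the internal one, is what makes the result meaningful for a split-DNS setup.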
