<p dir="ltr">I simply run internal DNS servers that use an internal sub domain. The main DNS servers then delegate to the internal ones for things, so the only internal IPs which are exposed are the ones used by the internal DNS servers. </p>
<p dir="ltr">I am, however, moving away from that and towards the use of sane firewall rules and public IPv6 space. I just hope that HE's free service continues to exist long enough to get me to the point where native connectivity is easy to get. </p>
<div class="gmail_quote">On Nov 14, 2012 11:45 AM, "Robert L. Harris" <<a href="mailto:robert.l.harris@gmail.com">robert.l.harris@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br><div>Yeah, there's no overlap. I re-ip'd a while back and picked a lesser used chunk and I've been lucky the new job uses 10.X versus my 172 spaces.</div><div><br></div><div>I don't want to make it public so I may be just using some host entries then. Ugly but better than posting what I have online.</div>
<div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 14, 2012 at 7:39 AM, Brian MacLeod <span dir="ltr"><<a href="mailto:nym.bnm@gmail.com" target="_blank">nym.bnm@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
</div><div>On 11/14/12 6:53 AM, Richard Bronosky wrote:<br>
> If this is for home use, then you probably have only 1 public IP<br>
> and are using NAT internally. If so, you can publicly host DNS<br>
> that exposes your private IPs (10. or 192.168. etc.) with<br>
> impunity.<br>
><br>
<br>
</div>That was actually part of my point of concern. I was guessing that he<br>
might have private address space allocated to his internal network,<br>
but without "knowing" the network the clients are behind, there could<br>
be address overlap, and thus, the packets do not go where you think<br>
they would go.<br>
<div><br>
bnm<br>
<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)<br>
Comment: Using GnuPG with Mozilla - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
</div>iQE4BAEBCAAiBQJQo600Gxhoa3A6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbQAKCRD5<br>
XCJY/q4Y6B29B/9P4kFke6FZLd5NcmUsUd+F6UOxm9sNfBEOpyDnLO7TUbE1gChL<br>
eDFqaGQEk/qM+UEHME9W1bc1Q/noOEQrXWhETt48WORBbknO/ciwsF9G4PcJ66kn<br>
TTHqinRMKugJmfjvLY7ug/lsW8gsp3E/6RUPUyBNbsnuNLDi079hbTv9GTT8jDvl<br>
Z5r7r16sOIo0oV1YmswAKbuWIspq8v2wuZBr6rx2Mg0GNMYpVn/supDzDb8oRBGN<br>
6hq11ow/mttp8GehHueh37q3ocKzL/3jllRALQMqlWVbgZP1alVIHtejgqk4QIg8<br>
z99uF5DlKYh2K5iIxgIs2IwsL/KH8fC83KMi<br>
=wFF4<br>
<div><div>-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>:wq!<br>---------------------------------------------------------------------------<br>Robert L. Harris<br><br>DISCLAIMER:<br> These are MY OPINIONS With Dreams To Be A King,<br>
ALONE. I speak for First One Should Be A Man<br> no-one else. - Manowar<br>
</div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div>