Private IP address in public DNS

Some people will say no public DNS records should ever disclose private IP addresses….with the thinking being that you are giving potential attackers a leg up on some information that might be required to exploit private systems.

Personally, I think that obfuscation is a poor form of security, especially when we are talking about IP addresses because in general they are easy to guess anyway, so I don’t see this as a realistic security compromise.

The bigger consideration here is making sure your public users don’t pickup this DNS record as part of the normal public services of your hosted application. ie: External DNS lookups somehow start resolving to an address they can’t get to.

Aside from that, I see no fundamental reason why putting private address A records into the public space is a problem….especially when you have no alternate DNS server to host them on.

If you do decide to put this record into the public DNS space, you might consider creating a separate zone on the same server to hold all the “private” records. This will make it clearer that they are intended to be private….however for just one A record, I probably wouldn’t bother.

Related Posts:

  1. Is a wildcard CNAME DNS record valid?
  2. List all DNS records in a domain using dig?
  3. How to include multiple domains in an spf TXT Record
  4. What is a glue record?
  5. Why is DNS failover not recommended?
  6. Top level domain/domain suffix for private network?
  7. DNS – NSLOOKUP what is the meaning of the non-authoritative answer?
  8. Why can’t a CNAME record be used at the apex (aka root) of a domain?
  9. What’s the meaning of ‘@’ in a DNS zone file?
  10. How can I see Time-To-Live (TTL) for a DNS record?
  11. What type of DNS record is needed to make a subdomain?
  12. Why can’t MX records point to an IP address?
  13. Should we host our own nameservers?
  14. Should CNAME Be Used For Subdomains?
  15. How does ServerName and ServerAlias work?
  16. Vagrant / VirtualBox DNS 10.0.2.3 not working
  17. Is a CNAME to CNAME chain allowed?
  18. Multiple data centers and HTTP traffic: DNS Round Robin is the ONLY way to assure instant fail-over?
  19. Multiple TXT fields for same subdomain
  20. Do SPF Records For Primary Domain apply to subdomains?
  21. Using prevNext Modx Addon
  22. TypeError: only integer scalar arrays can be converted to a scalar index with 1D numpy indices array
  23. Substring in excel
  24. What is the difference between POST and PUT in HTTP?
  25. How does npm start work? What all processes are happening in the background?
  26. What is the := operator?
  27. What is Xpenology? Is it Linux related thing?
  28. Create blank image in Imagemagick
  29. How to install apoc for neo4j?
  30. Is there a way to get Bing’s photo of the day?
  31. Chrome: Uncaught SyntaxError: Unexpected end of input
  32. Muting a Discord user on my Server
  33. Plot logarithmic axes with matplotlib in python
  34. Regex lookahead, lookbehind and atomic groups
  35. Why git asks to enter a commit message to explain why this merge is necessary
  36. What does “?” mean in Java?
  37. git pull on a different branch
  38. MIPS fetch address not aligned on word boundary, used .align 4, still no go
  39. Collapse all methods in Visual Studio Code
  40. How to convert .crt cetificate file to .pfx
  41. Manually create a pyspark dataframe
  42. Couchbase query using “\uefff” break the next conditional keys
  43. VMWare Workstation VM not starting because of locked portion of file
  44. What is the difference between memoization and dynamic programming?
  45. How do you loop in a Windows batch file?
  46. Android Completely transparent Status Bar?
  47. How to sign-extend a number in Verilog
  48. How to draw a checkmark / tick using CSS?
  49. c array – warning: format not a string literal
  50. Create Hyperlink in Slack
  51. How can I add numbers in a Bash script?
  52. Swift protocols: method does not override any method from its superclass
  53. What is index.js used for in node.js projects?
  54. Reference Error: moment is not defined (Using moment.js)
  55. What should be hadoop.tmp.dir ?
  56. How does DHT in torrents work?
  57. C++ undefined reference to WinMain@16 (Code::Blocks)
  58. Lambda Calculus Reduction steps
  59. JavaScript: IIF like statement
  60. What is cardinality in Databases?
  61. What is the relationship between PyTorch and Torch?
  62. Node inconsistent with parents in JAGS model (R)
  63. python 3.x ImportError: No module named ‘cStringIO’
  64. error: unknown type name ‘bool’
  65. How can I enable Assembly binding logging?
  66. While running the script throws cannot find module ‘dotenv’
  67. What makes Lisp macros so special?
  68. zsh command cannot found pip
  69. How can I move a tag on a git branch to a different commit?
  70. How do you run CMD.exe under the Local System Account?
  71. VBScript to send email without running Outlook
  72. Why is Node.js scalable?
  73. ApiNotActivatedMapError for simple html page using google-places-api
  74. The correct way to read a data file into an array
  75. HTTP status code 0 – Error Domain=NSURLErrorDomain?
  76. How to list all available Kafka brokers in a cluster?
  77. Ext.getCmp(id) or Ext.ComponentQuery.query(attribute)
  78. Remove ‘Theme Options’ Option Tree WordPress
  79. Forbid contributors viewing drafts
  80. show taxonomy meta field in template
  81. Follow author on muti-user WordPress site
  82. List Taxonomy terms along with their posts
  83. Monday morning mistake: sudo rm -rf –no-preserve-root /
  84. Delete Amazon EC2 terminated instance
  85. robocopy transfer file and not folder
  86. What’s the difference between include_tasks and import_tasks?
  87. rm on a directory with millions of files
  88. What ports to open for mail server?
  89. Why is Enterprise Storage so expensive?
  90. Should a wildcard SSL certificate secure both the root domain as well as the sub-domains?
  91. How to show all banned IP with fail2ban?
  92. How can I get diff to show only added and deleted lines? If diff can’t do it, what tool can?
  93. Adding a user to an additional group using ansible
  94. Best system administrator accident [closed]
  95. Reread partition table without rebooting?
  96. Storing a million images in the filesystem
  97. How to keep rsync from chown’ing transferred files?
  98. How to view connected users to open vpn server?
  99. Can I specify a port in an entry in my /etc/hosts on OS X? [duplicate]
  100. How to check for modified config files on a Debian system?

Leave a Comment