DNS requests for 1918 space

Can anyone point me at any papers that talk about security issues raised by
private networks passing dns requests for RFC 1918 private address space out
to their ISP's dns servers?

I'm aware of the issues involved with an ISP passing the requests on to the
root servers but was looking specifically for security type issues relating
to a private network passing the requests out to their ISP's dns servers.


  has some very good information about some of the
  problems w/ leaked queries.

  http://as112.net/ has some mitigation stratagies.


That mitigates the issue, but fails to deal with the root cause.

One has to wonder - if a network is spewing enough broken DNS packets that it's
noticable, and it's not getting fixed, what *else* is wrong with the network.
Remember - every packet you see is a timeout happening back at the
misconfigured site.

It's like a car with one headlight out - yes, it still works, but whenever I see
one on the road, I wonder what ELSE is marginal (like brake pads)....