My ISP's private address space has dns entries available on the public net, is this right?

Warren Kumari warren at kumari.net
Tue Aug 10 18:11:23 UTC 2010


On Aug 10, 2010, at 11:01 AM, Matus UHLAR - fantomas wrote:

> On 09.08.10 20:09, donovan jeffrey j wrote:
>> my isp has some private address space which has dns resolution and can be
>> queried from the outside world.
>> 
>> I asked them about this because we use this private address space and it
>> is showing up in our DNS lookups. Here was their response:
>> 
>>>   I've discussed this with our systems administrators and have been
>>>   told that this is performing as expected.  ISP DNS servers do contain
>>>   information about private addresses that are in use on our network.
>>>   If you are utilizing our DNS servers, you will see resolution of
>>>   private IPs to ISP hostnames when appropriate.  That will not occur
>>>   using external DNS servers.  You will see resolution of PTD hostnames
>>>   to private IPs from external servers, but not IP resolution to
>>>   hostnames.  As long as reverse DNS (IP to hostname) is not
>>>   propagating, things are functioning normally.
>> 
>> so even from google public dns i see lookups that refer back to a private
>> address space on my ISP's net.
> 
> what exactly do you see? Do its servers resolve "internal.isp.net" to
> private address? Do they respond to reverse lookups of private addresses
> with some private info?
> 
> While they should not point any services they provide to internal addresses
> (until they assign private addresses to their clients which becomes quite
> common), it doesn't have to cause troubles, even if it is kind of
> information leak.

Personally I think that this is perfectly fine -- I use RFC1918 addresses at home, and it is convenient to me to be able to refer to my printer as: 

 wkumari$ dig +noall +answer  wk-hp4700.home.ne-where.com
wk-hp4700.home.ne-where.com. 1733 IN	A	192.168.0.47

I don't care who knows what the IP address of my printer is -- if anyone wants to know, my NAS is 192.168.0.254, etc. 
It all depends on what the zone is used for and what your expectations for it are.

W


> 
> -- 
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> How does cat play with mouse? cat /dev/mouse
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
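
Added example (not part of the original message, and not code from its author): a Python check for the two cases discussed in this thread, forward A records that point into RFC 1918 space and PTR names under private reverse zones, run over lines in the dig +noall +answer format shown above. The function names and every sample record except the wk-hp4700 A record are constructed for illustration.

```python
import ipaddress

# RFC 1918 blocks only; ipaddress.is_private would also match other ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is a valid IPv4 address inside an RFC 1918 block."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def reverse_name_to_ip(owner):
    """'47.0.168.192.in-addr.arpa.' -> '192.168.0.47'; None if not a full IPv4 PTR name."""
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))

def find_private_records(answer_text):
    """Scan 'owner TTL class type rdata' lines; return (kind, owner, address) findings."""
    findings = []
    for line in answer_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or truncated record
        owner, rtype, rdata = fields[0], fields[3].upper(), fields[4]
        if rtype == "A" and is_rfc1918(rdata):
            findings.append(("forward", owner, rdata))
        elif rtype == "PTR":
            ip = reverse_name_to_ip(owner)
            if ip and is_rfc1918(ip):
                findings.append(("reverse", owner, ip))
    return findings

# Constructed sample. Only the first record comes from the message above.
SAMPLE = """\
wk-hp4700.home.ne-where.com. 1733 IN A 192.168.0.47
www.example.net. 300 IN A 203.0.113.10
gw.example.net. 300 IN A 172.32.0.1
47.0.168.192.in-addr.arpa. 3600 IN PTR wk-hp4700.home.ne-where.com.
10.113.0.203.in-addr.arpa. 3600 IN PTR www.example.net.
"""

if __name__ == "__main__":
    for kind, owner, ip in find_private_records(SAMPLE):
        print(f"{kind:8} {owner} -> {ip}")
```

The 172.32.0.1 record is deliberately just outside 172.16.0.0/12, so it is not reported.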



