RFC 1918 errors
Mark Andrews
Mark_Andrews at isc.org
Wed Mar 5 00:39:35 UTC 2008
> List,
>
> I have my DNS server running and I have been watching my logs. I have
> found a consistent message:
>
> 04-Mar-2008 14:48:13.629 security: warning: client
> 192.168.2.116#49474: RFC 1918 response from Internet for
> 116.2.168.192.in-addr.arpa
> 04-Mar-2008 14:48:19.271 security: warning: client
> 192.168.2.116#49494: RFC 1918 response from Internet for
> 2.129.37.10.in-addr.arpa
> 04-Mar-2008 14:48:19.561 security: warning: client
> 192.168.2.116#49495: RFC 1918 response from Internet for
> 2.55.211.10.in-addr.arpa
> 04-Mar-2008 14:54:41.040 security: warning: client
> 192.168.2.111#44890: RFC 1918 response from Internet for
> 116.2.168.192.in-addr.arpa
> 04-Mar-2008 14:54:41.133 security: warning: client
> 192.168.2.111#44890: RFC 1918 response from Internet for
> 111.2.168.192.in-addr.arpa
> 04-Mar-2008 14:56:51.489 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 116.2.168.192.in-addr.arpa
> 04-Mar-2008 14:56:51.489 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 111.2.168.192.in-addr.arpa
> 04-Mar-2008 14:57:52.919 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 116.2.168.192.in-addr.arpa
> 04-Mar-2008 14:57:52.920 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 111.2.168.192.in-addr.arpa
> 04-Mar-2008 14:58:06.649 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 255.2.168.192.in-addr.arpa
> 04-Mar-2008 14:58:11.738 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 1.2.168.192.in-addr.arpa
> 04-Mar-2008 14:58:47.839 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 116.2.168.192.in-addr.arpa
> 04-Mar-2008 14:58:47.840 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 111.2.168.192.in-addr.arpa
> 04-Mar-2008 14:59:08.539 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 255.2.168.192.in-addr.arpa
> 04-Mar-2008 14:59:22.794 security: warning: client
> 192.168.2.111#44891: RFC 1918 response from Internet for
> 1.2.168.192.in-addr.arpa
>
> My workstation is 192.168.2.116
> My server is 192.168.2.111
> My router IP is 192.168.2.1
>
> Reviewing RFC 1918 I think this message is saying that I am querying
> my internal LAN addresses from the root servers?? I certainly do not
> want to do that!
>
> Any clarification as to what I'm seeing?
>
> Kristen
From the FAQ.

Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA"
mean?

A: If the IN-ADDR.ARPA name covered refers to an internal address space you
are using then you have failed to follow RFC 1918 usage rules and are
leaking queries to the Internet. You should establish your own zones
for these addresses to prevent you querying the Internet's name servers
for these addresses. Please see http://as112.net/ for details of the
problems you are causing and the countermeasures that have had to be
deployed.

If you are not using these private addresses then a client has queried
for them. You can just ignore the messages, get the offending client to
stop sending you these messages as they are most probably leaking them,
or set up your own empty zones to serve answers to these queries.

    zone "10.IN-ADDR.ARPA" {
        type master;
        file "empty";
    };

    zone "16.172.IN-ADDR.ARPA" {
        type master;
        file "empty";
    };

    ...

    zone "31.172.IN-ADDR.ARPA" {
        type master;
        file "empty";
    };

    zone "168.192.IN-ADDR.ARPA" {
        type master;
        file "empty";
    };

empty:

    @ 10800 IN SOA <name-of-server>. <contact-email>. (
                   1 3600 1200 604800 10800 )
    @ 10800 IN NS <name-of-server>.

Note: Future versions of named are likely to do this automatically.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
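
An added example, not part of the original message or the BIND FAQ: a log check that finds which clients trigger the warning and which of the FAQ's empty zones would answer those lookups locally. The function names are hypothetical, and the sample reuses three entries from the quoted log plus one constructed line.

```python
import re
from collections import Counter

# Three entries from the log quoted above (each joined onto one line),
# plus one constructed, unrelated line that must be ignored.
SAMPLE_LOG = """\
04-Mar-2008 14:48:13.629 security: warning: client 192.168.2.116#49474: RFC 1918 response from Internet for 116.2.168.192.in-addr.arpa
04-Mar-2008 14:48:19.271 security: warning: client 192.168.2.116#49494: RFC 1918 response from Internet for 2.129.37.10.in-addr.arpa
04-Mar-2008 14:54:41.133 security: warning: client 192.168.2.111#44890: RFC 1918 response from Internet for 111.2.168.192.in-addr.arpa
04-Mar-2008 14:55:00.000 general: info: constructed unrelated line
"""

LINE_RE = re.compile(
    r"client (?P<client>[0-9A-Fa-f.:]+)#\d+: RFC 1918 response from Internet "
    r"for (?P<name>\d{1,3}(?:\.\d{1,3}){0,3})\.in-addr\.arpa",
    re.IGNORECASE,
)

def covering_zone(rev_name):
    """Map '116.2.168.192' to the RFC 1918 reverse zone that contains it."""
    octets = [int(label) for label in reversed(rev_name.split("."))]
    if octets[0] == 10:
        return "10.IN-ADDR.ARPA"
    if len(octets) >= 2 and octets[0] == 172 and 16 <= octets[1] <= 31:
        return f"{octets[1]}.172.IN-ADDR.ARPA"
    if len(octets) >= 2 and octets[:2] == [192, 168]:
        return "168.192.IN-ADDR.ARPA"
    return None  # not RFC 1918 space

def leaks(log_text):
    """Count warnings per (client, zone that should be served locally)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        zone = covering_zone(m["name"]) if m else None
        if zone:
            counts[(m["client"], zone)] += 1
    return counts

def zone_stanzas(zones):
    """Render named.conf stanzas in the FAQ's form for the given zones."""
    return "\n".join(
        f'zone "{z}" {{\n\ttype master;\n\tfile "empty";\n}};' for z in sorted(zones)
    )

if __name__ == "__main__":
    found = leaks(SAMPLE_LOG)
    for (client, zone), n in sorted(found.items()):
        print(f"{client}: {n} leaked lookup(s) under {zone}")
    print(zone_stanzas({zone for _, zone in found}))
```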