rfc1918 ns records coming from internet are queried?
Mark Andrews
Mark_Andrews at isc.org
Tue Nov 25 23:50:05 UTC 2008
In message <492C8CDD.2090008 at ca.sophos.com>, David Sparks writes:
> Problem: when querying asdf.ad.rice.edu, bind sends queries into my local
> network (specifically to 10.129.92.100, which is not a ns) which I find
> undesirable.
Mark the servers as bogus.
> Is there any way to disable this behavior? Is it expected that bind queries
> rfc1918 nameserver addresses from non-rfc1918 queries? I would've expected
> something along the lines of "error: ... RFC 1918 response from Internet for
> ...".
>
>
> $ dig @ns1.rice.edu asdf.ad.rice.edu
>
> ; <<>> DiG 9.4.1-P1 <<>> @ns1.rice.edu asdf.ad.rice.edu
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52793
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;asdf.ad.rice.edu. IN A
>
> ;; AUTHORITY SECTION:
> ad.rice.edu. 3600 IN NS support-dc7.rice.edu.
> ad.rice.edu. 3600 IN NS support-dc6.rice.edu.
> ad.rice.edu. 3600 IN NS support-dc5.rice.edu.
> ad.rice.edu. 3600 IN NS support-dc4.rice.edu.
>
> ;; ADDITIONAL SECTION:
> support-dc7.rice.edu. 3600 IN A 10.136.93.4
> support-dc6.rice.edu. 3600 IN A 128.42.18.16
> support-dc5.rice.edu. 3600 IN A 10.129.92.100
> support-dc4.rice.edu. 3600 IN A 128.42.18.223
>
> ;; Query time: 82 msec
> ;; SERVER: 128.42.209.32#53(128.42.209.32)
> ;; WHEN: Tue Nov 25 15:29:48 2008
> ;; MSG SIZE rcvd: 202
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list