Doubt about RFC1918 response from Internet

Mark Andrews marka at isc.org
Thu Apr 5 22:27:59 UTC 2012


In message <CAGdn3FE22-RH0GCP3soYM5D2SnyKEX7_M7fdHj_kdE00y9UyPw at mail.gmail.com>
, Carlos Ribas writes:
> Hello,
> 
>     I'm sending this message to see if I understood the meaning of the "RFC
> 1918 response from Internet" log messages. I read the BIND FAQ [1], but
> I have to be honest and say that I'm a little bit confused, since English is
> not my first language.
> 
>     I'm using BIND 9.7.3 on a Debian server. It has a file named
> zones.rfc1918 [2] that is enabled. I just took out the line referring to
> the 10.0.0.0 network because I'm using it in my organization. I have the
> reverse configured for my network, e.g. 1.0.10.in-addr.arpa, but I don't have
> the reverse for the rest of this network.

Add a 10.in-addr.arpa zone to your configuration that delegates
1.0.10.in-addr.arpa.  This will catch any leaks.

; Zone file for 10.in-addr.arpa: it holds nothing but the apex records and
; the delegation of the one /24 that is really served, so a reverse query
; for any other 10.x.x.x address is answered from this zone instead of
; being forwarded to the Internet.
$TTL 3600
@	SOA ns1.example.net. hostmaster.example.net. 1 3600 1200 2419200 3600
@	NS ns1.example.net.
@	NS ns2.example.net.
; delegate 1.0.10.in-addr.arpa (10.0.1.0/24) to the servers that hold it
1.0	NS ns1.example.net.
1.0	NS ns2.example.net.
 
>     If, by mistake or not, a client asks for an address in the 10.0.2.0
> network, my server will query the Internet's name servers for this
> address, since I don't have it configured, and then I will receive log
> messages about it [3]. Is that correct?
> 
> [1] - http://www.bind9.net/BIND-FAQ
> 
> [2] - zones.rfc1918 file:
> zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> 
> zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
> 
> [3] Message logs:
> 04-Apr-2012 18:15:25.099 security: client 10.0.1.13#47738: view internal:
> RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa
> 04-Apr-2012 18:21:09.245 security: client 10.0.1.13#42000: view internal:
> RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa
> 
> 
> Best regards,
> 
> ---------------------------------
> Carlos Eduardo Ribas
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
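The log lines quoted under [3] can be checked mechanically against the set of reverse zones the resolver is authoritative for, which is exactly the test the 10.in-addr.arpa catch-all zone in the reply satisfies by construction. The script below is an added example and is not code from this thread or from ISC: it parses BIND security-category "RFC 1918 response from Internet" lines, maps each in-addr.arpa name back to an address, checks whether any configured zone (Debian's zones.rfc1918 with the 10.0.0.0 line removed, plus 1.0.10.in-addr.arpa, as described in the question) would have answered the query locally, and names the RFC 1918 reverse zone that is missing. The first two log lines are the ones from the message; the third line and the zone list are constructed from the thread's description, and all function and variable names are the example's own.

```python
"""Audit BIND "RFC 1918 response from Internet" log lines against the reverse
zones a resolver serves locally, and report which RFC 1918 reverse zone is
missing. Added example for the bind-users thread; not ISC code."""
import ipaddress
import re
from collections import Counter

# BIND "security" category lines. The first two are quoted in the original
# message; the third is constructed for illustration.
SAMPLE_LOG = """\
04-Apr-2012 18:15:25.099 security: client 10.0.1.13#47738: view internal: RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa
04-Apr-2012 18:21:09.245 security: client 10.0.1.13#42000: view internal: RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa
04-Apr-2012 18:30:41.512 security: client 10.0.1.20#53011: view internal: RFC 1918 response from Internet for 9.3.0.10.in-addr.arpa
"""

# Reverse zones the server in the thread is authoritative for (constructed from
# the description): Debian's zones.rfc1918 minus 10.in-addr.arpa, plus the one
# /24 the poster serves himself.
CONFIGURED_ZONES = [f"{i}.172.in-addr.arpa" for i in range(16, 32)] + [
    "168.192.in-addr.arpa",
    "1.0.10.in-addr.arpa",
]

# Top-level reverse zones covering all of RFC 1918 space. 172.16.0.0/12 does
# not align with an in-addr.arpa label boundary, so it needs sixteen /16 zones.
RFC1918_TOP_ZONES = (
    ["10.in-addr.arpa"]
    + [f"{i}.172.in-addr.arpa" for i in range(16, 32)]
    + ["168.192.in-addr.arpa"]
)

LOG_RE = re.compile(
    r"client (?P<client>[^#\s]+)#\d+: view (?P<view>\S+): "
    r"RFC 1918 response from Internet for (?P<name>\S+)"
)


def reverse_name_to_network(name):
    """'50.2.0.10.in-addr.arpa' -> 10.0.2.50/32; '16.172.in-addr.arpa' -> 172.16.0.0/16.
    Partial names (fewer than four octets) become the network they stand for."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {name}")
    octets = [int(x) for x in reversed(labels[:-2])]
    if not 1 <= len(octets) <= 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"malformed reverse name: {name}")
    prefix = 8 * len(octets)
    octets += [0] * (4 - len(octets))
    return ipaddress.IPv4Network((".".join(map(str, octets)), prefix))


def zone_covering(name, zones):
    """Return the most specific zone in `zones` that the name falls under, or
    None. The match is label-wise, as a DNS zone cut is: the zone must equal
    the name or be a parent of it, so '1.0.10...' covers '50.1.0.10...' but
    not '50.2.0.10...'."""
    n = name.rstrip(".").lower()
    best = None
    for z in zones:
        zl = z.rstrip(".").lower()
        if n == zl or n.endswith("." + zl):
            if best is None or zl.count(".") > best.count("."):
                best = zl
    return best


def parse_leaks(log_text):
    """One record per 'RFC 1918 response from Internet' line; other lines ignored."""
    records = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        net = reverse_name_to_network(m["name"])
        records.append({
            "client": m["client"],
            "view": m["view"],
            "name": m["name"],
            "address": str(net.network_address) if net.prefixlen == 32 else str(net),
        })
    return records


def missing_zones(leaks, configured_zones):
    """For every leaked name no configured zone would have answered, name the
    RFC 1918 reverse zone that should be added so the query stays local."""
    missing = set()
    for rec in leaks:
        if zone_covering(rec["name"], configured_zones):
            continue  # already served locally; BIND would not have leaked it
        top = zone_covering(rec["name"], RFC1918_TOP_ZONES)
        if top:
            missing.add(top)
    return sorted(missing)


def leaks_by_client(leaks):
    """Which internal clients are generating the leaking reverse lookups."""
    return Counter(rec["client"] for rec in leaks)


if __name__ == "__main__":
    leaks = parse_leaks(SAMPLE_LOG)
    for rec in leaks:
        print(f'{rec["client"]} looked up {rec["address"]} ({rec["name"]})')
    print("leaks per client:", dict(leaks_by_client(leaks)))
    print("zones to add:", missing_zones(leaks, CONFIGURED_ZONES))
    print("after adding 10.in-addr.arpa:",
          missing_zones(leaks, CONFIGURED_ZONES + ["10.in-addr.arpa"]))
```

Run against the sample it reports 10.in-addr.arpa as the missing zone and nothing once that zone is added, which is the change the reply recommends. Pointing it at a real named log is a quick way to confirm, after the delegation zone is loaded, that the security-category messages have actually stopped, and the per-client count shows which hosts are doing reverse lookups for addresses nobody serves.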