Doubt about RFC1918 response from Internet

Carlos Ribas carlos at ansp.br
Fri Apr 6 00:08:53 UTC 2012


Hello,

    Thanks for your response. OK, now I understood what happened. I created
the 10.in-addr.arpa file and now I'm authoritative for all the reverse
address space 10/8. I believe I will not be querying the Internet's name
servers for these addresses anymore.

Best regards,

---------------------------------
Carlos Eduardo Ribas



2012/4/5 Mark Andrews <marka at isc.org>

>
> In message <CAGdn3FE22-RH0GCP3soYM5D2SnyKEX7_M7fdHj_kdE00y9UyPw at mail.gmail.com>, Carlos Ribas writes:
> > Hello,
> >
> >     I'm sending this message to see if I understood the meaning of "RFC
> > 1918 response from Internet" message logs. I read the FAQ of Bind [1], but
> > I have to be honest to say that I'm a little bit confused, since English is
> > not my first language.
> >
> >     I'm using Bind 9.7.3 on a Debian server. It has a file named
> > zones.rfc1918 [2] that is enabled. I just took off the line referring to
> > 10.0.0.0 network because I'm using it in my organization. I have the
> > reverse configured for my network, e.g. 1.0.10.in-addr.arpa, but I don't have
> > the reverse for the rest of this network.
>
> Add a 10.in-addr.arpa zone to your configuration that delegates
> 1.0.10.in-addr.arpa.  This will catch any leaks.
>
> $TTL 3600
> @       SOA ns1.example.net. hostmaster.example.net. 1 3600 1200 2419200 3600
> @       NS ns1.example.net.
> @       NS ns2.example.net.
> ; delegation of 1.0.10.in-addr.arpa
> 1.0     NS ns1.example.net.
> 1.0     NS ns2.example.net.
>
> >     If, by mistake or not, a client asks for an address in the 10.0.2.0
> > network, my server will query the Internet's name servers for this
> > address since I don't have it configured and then I will receive message logs
> > about it [3]. Is that correct?
> >
> > [1] - http://www.bind9.net/BIND-FAQ
> >
> > [2] - zones.rfc1918 file:
> > zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> > zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> >
> > zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
> >
> > [3] Message logs:
> > 04-Apr-2012 18:15:25.099 security: client 10.0.1.13#47738: view internal: RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa
> > 04-Apr-2012 18:21:09.245 security: client 10.0.1.13#42000: view internal: RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa
> >
> >
> > Best regards,
> >
> > ---------------------------------
> > Carlos Eduardo Ribas
> >
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>
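
An added example, not part of the original thread: a Python check that reads the "RFC 1918 response from Internet" log lines quoted above and reports which reverse names are not enclosed by any locally served zone, before and after adding 10.in-addr.arpa. The function names and the BEFORE/AFTER zone lists are assumptions built from the configuration described in the thread.

```python
import ipaddress
import re

# The three RFC 1918 blocks whose reverse lookups must never leave the site.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOG_RE = re.compile(r"RFC 1918 response from Internet for (\S+)")

# Assumed local zones before the fix: zones.rfc1918 minus 10/8, plus 1.0.10.in-addr.arpa.
BEFORE = (["1.0.10.in-addr.arpa", "168.192.in-addr.arpa"]
          + [f"{n}.172.in-addr.arpa" for n in range(16, 32)])
AFTER = BEFORE + ["10.in-addr.arpa"]   # the zone suggested in the reply

# The two log lines quoted in the thread, rejoined onto single lines.
LOG = [
    "04-Apr-2012 18:15:25.099 security: client 10.0.1.13#47738: view internal: "
    "RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa",
    "04-Apr-2012 18:21:09.245 security: client 10.0.1.13#42000: view internal: "
    "RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa",
]

def ptr_to_ip(qname):
    """'50.2.0.10.in-addr.arpa' -> IPv4Address('10.0.2.50'); None if malformed."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def covering_zone(qname, local_zones):
    """Longest locally served zone that encloses qname, or None."""
    zones = {z.rstrip(".").lower() for z in local_zones}
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return ".".join(labels[i:])
    return None

def uncovered_leaks(log_lines, local_zones):
    """Count logged RFC 1918 reverse names that no local zone would answer."""
    leaks = {}
    for m in filter(None, map(LOG_RE.search, log_lines)):
        qname = m.group(1).rstrip(".").lower()
        ip = ptr_to_ip(qname)
        private = ip is not None and any(ip in net for net in RFC1918)
        if private and not covering_zone(qname, local_zones):
            leaks[qname] = leaks.get(qname, 0) + 1
    return leaks
```

Running `uncovered_leaks(LOG, BEFORE)` flags 50.2.0.10.in-addr.arpa, while `uncovered_leaks(LOG, AFTER)` is empty because 10.in-addr.arpa now encloses every name under 10/8.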