migration to new isp - now private addresses showing up publicly?

Kaya Saman kayasaman at gmail.com
Tue May 23 11:59:17 UTC 2023


On 5/23/23 12:47, Matus UHLAR - fantomas wrote:
> On 23.05.23 12:22, Kaya Saman wrote:
>> I've got a very strange problem that has emerged somehow after 
>> migrating my isp.
>>
>>
>> My setup previously used 2x servers in master/slave configuration for 
>> my public "view" and then had 3x servers for the "internal" view. 
>> This was working fine for years and I have been regularly testing 
>> using online dns healthcheck sites such as mxtoolbox etc...
>>
>>
>> Now when I try to run any type of check from mxtoolbox or another site,
>> e.g. https://dnschecker.org/, I am getting my private IPs showing
>> instead of the public ones?
>>
>>
>> It started with my external zone files not transferring; I eventually
>> saw that the transfer traffic was trying to traverse my NAT (I know,
>> it is not best practice to have all DNS servers on the same network).
>>
>>
>> As a result, external email from my mail server is unreliable right
>> now: delivery is hit and miss.
>>
>>
>> Just to go over, my zone files are fine as the 'external' ones only 
>> have public ip addresses in them and do not include any type of 
>> internal addressing whatsoever.
>>
>>
>> Here's an example of the config in named.conf for the master:
>
>> view "external" {
>>     match-clients { !internals; any; };
> [...]
>> view "external" {
>>     match-clients { !internals; any; };
>
> I don't see your definition of "internals".
> Also, I don't see your definition of internal view.
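> If internal IP addresses are visible on the internet, then queries from
> internet sources are obviously falling into your internal view, not into
> this one - i.e. named sees them arriving from a source address that
> matches "internals".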
>
>

Hi, I omitted those but here they are:


// Source-address ACL: loopback plus the three RFC 1918 private ranges.
// The "external" view quoted earlier selects clients with
// match-clients { !internals; any; }, and the zones further down use this
// ACL in allow-query, so it is the only thing separating internal answers
// from public ones.
// NOTE(review): matching is done on the source address named actually sees
// on the packet. If a NAT / port-forward in front of this server rewrites
// the source of inbound queries to an address inside one of these ranges
// (for example the router's LAN address), every Internet client matches
// "internals" and is served internal data. Check the query log to see
// which view and which client address public queries arrive with.
acl internals {
     127.0.0.0/8;
     192.168.0.0/16;
     172.16.0.0/12;
     10.0.0.0/8;
};

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
         disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
         disable-empty-zone 
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
         disable-empty-zone 
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";


// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost"        { type master; file 
"/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/localhost-reverse.db"; };

// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// Private Use Networks (RFCs 1918, 5735 and 6303)
zone "10.in-addr.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "65.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "66.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "67.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "68.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "69.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "70.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "71.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "72.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "73.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "74.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "75.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "76.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "77.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "78.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "79.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "80.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "81.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "82.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "83.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "84.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "85.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "86.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "87.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "88.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "89.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "90.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "91.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "92.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "93.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "94.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "95.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "96.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "97.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "98.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "99.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "100.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "101.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "102.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "103.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "104.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "105.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "106.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "107.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "108.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "109.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "110.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "111.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "112.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "113.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "114.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "115.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "116.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "117.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "118.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "119.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "120.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "121.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "122.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "123.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "124.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "125.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "126.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "127.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "invalid" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "example.com" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "example.net" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "example.org" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "241.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "242.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "243.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "244.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "245.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "246.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "247.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "248.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "249.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "250.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "251.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "252.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "253.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "254.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "3.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "4.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "5.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "6.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "7.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "8.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "9.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "a.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "b.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "c.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "d.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "e.ip6.arpa"       { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "0.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "1.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "2.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "3.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "4.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "5.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "6.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "7.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "8.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "9.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "a.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "b.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "0.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "1.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "2.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "3.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "4.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "5.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "6.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "7.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "d.f.ip6.arpa"     { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "9.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "a.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "b.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "d.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "e.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };
zone "f.e.f.ip6.arpa"   { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int"          { type master; file 
"/usr/local/etc/namedb/master/empty.db"; };


     // Forward zone holding the internal records for domain.com. The
     // enclosing view statement is not shown in this excerpt.
     zone "domain.com" {
        type master;
        file "/var/named/var/named/domain.db";
        // int_dns2 / int_dns3 are defined elsewhere; presumably address
        // ACLs for the internal secondaries -- TODO confirm. If they are
        // address-only, consider TSIG keys for transfer authorization.
        allow-transfer { int_dns2; int_dns3; };
        // Uses the same "internals" ACL that the external view excludes on,
        // so it is not an independent barrier: a query whose source address
        // falls in "internals" (including one rewritten by NAT) passes here.
        allow-query { internals; };
     };

     // Reverse zone for 192.168.1.0/24. It is more specific than the
     // "168.192.in-addr.arpa" empty zone listed above, so PTR lookups for
     // this /24 are answered from real data while the rest of
     // 192.168.0.0/16 is answered from empty.db.
     zone "1.168.192.in-addr.arpa" {
        type master;
        file "/var/named/var/named/192.168.1.rev";
        // int_dns2 / int_dns3 are defined elsewhere -- TODO confirm they
        // cover only the intended secondaries.
        allow-transfer { int_dns2; int_dns3; };
        // Source-address check only; this exposes internal host names to
        // any client that named sees as coming from an "internals" address.
        allow-query { internals; };
     };

...

;


