
RFC 1918 response


Chris

Jul 25, 2007, 10:35:45 PM
The entire log line reads:
localhost named[4436]: client 127.0.0.1#33109: RFC 1918 response from Internet for 2.2.168.192.in-addr.arpa

I looked through RFC 1918 and believe I have a bit of a grasp on its meaning
and also looked through the bind users archives but couldn't find anything
close to the above. Is this an error, a warning or just a bit of information?

Apologies for the dumb question if this is in fact one.

Chris

--
Chris
KeyID 0xE372A7DA98E6705C


Dawn Connelly

Jul 25, 2007, 11:01:41 PM
Your DNS server is trying to query root servers for private IP space. It's
the polite way of saying "Huh, nope, we don't have that information...don't
ask us again."
http://www.isc.org/index.pl?/sw/bind/FAQ.php

Stephane Bortzmeyer

Jul 25, 2007, 11:11:08 PM
On Wed, Jul 25, 2007 at 09:35:45PM -0500,
Chris <cpol...@embarqmail.com> wrote
a message of 16 lines which said:

> Apologies for the dumb question if this is in fact one.

Well, it is a FAQist question :-)

Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?

A: If the IN-ADDR.ARPA name covered refers to an internal address space you are
using then you have failed to follow RFC 1918 usage rules and are leaking
queries to the Internet. You should establish your own zones for these
addresses to prevent you querying the Internet's name servers for these
addresses. Please see http://as112.net/ for details of the problems you are
causing and the counter measures that have had to be deployed.

If you are not using these private addresses then a client has queried for
them. You can just ignore the messages, get the offending client to stop
sending you these messages as they are most probably leaking them, or set up your
own empty zones to serve answers to these queries.

zone "10.IN-ADDR.ARPA" {
type master;
file "empty";
};

zone "16.172.IN-ADDR.ARPA" {
type master;
file "empty";
};

...

zone "31.172.IN-ADDR.ARPA" {
type master;
file "empty";
};

zone "168.192.IN-ADDR.ARPA" {
type master;
file "empty";
};

empty:
@ 10800 IN SOA <name-of-server>. <contact-email>. (
1 3600 1200 604800 10800 )
@ 10800 IN NS <name-of-server>.

Note

Future versions of named are likely to do this automatically.


Chris

Jul 28, 2007, 6:02:58 PM
On Wednesday 25 July 2007 10:01 pm, Dawn Connelly wrote:
> Your DNS server is trying to query root servers for private IP space. It's
> the polite way of saying "Huh, nope, we don't have that information...don't
> ask us again."
> http://www.isc.org/index.pl?/sw/bind/FAQ.php
>
Ok, I checked the FAQ (should have done that in the first place) and I see that
it says I should set up my own empty zone like this in my named.conf:

zone "168.192.IN-ADDR.ARPA" {
type master;
file "empty";
};

The faq then goes on to say:

empty:
@ 10800 IN SOA <name-of-server>. <contact-email>. (
1 3600 1200 604800 10800 )
@ 10800 IN NS <name-of-server>.

That is where I'm confused as to what to place in the <name-of-server>, and so
forth. Using the example dig @prisoner.iana.org hostname.as112.net any, that
is shown at http://public.as112.net/node/7 I get:

; <<>> DiG 9.4.1 <<>> @prisoner.iana.org hostname.as112.net any
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51027
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;hostname.as112.net. IN ANY

;; ANSWER SECTION:
hostname.as112.net. 15 IN SOA rfc1918.sth.netnod.se. hostmaster.netnod.se. 2002052700 28800 7200 604800 86400
hostname.as112.net. 15 IN NS blackhole-1.iana.org.
hostname.as112.net. 15 IN TXT "See http://as112.net/ for more information."
hostname.as112.net. 15 IN TXT "Autonomica" "Stockholm, Sweden"

;; ADDITIONAL SECTION:
blackhole-1.iana.org. 3600 IN A 192.175.48.6

So should this @ 10800 IN NS <name-of-server>. be "blackhole-1.iana.org"?

And this @ 10800 IN SOA <name-of-server>. <contact-email>
"rfc1918.sth.netnod.se"? And "hostmaster.netnod.se" as the contact-email? Or
am I misunderstanding how this is supposed to be written?

--
Chris
KeyID 0xE372A7DA98E6705C


Dawn Connelly

Jul 28, 2007, 6:35:10 PM
The point of this exercise is to tell your machine that you are
authoritative for it. Internal IP address space should not be queried
outside of your network. Set that zone up the same way you would any other
zone that you are authoritative for. Put your own email address and master
server as well as slave servers in the NS fields. If you want to populate it
with correct information- spiffy. If not, at least you won't be adding load
to internet root servers asking them things that they can't possibly answer.
Hope that helps. :)

Stephane Bortzmeyer

Jul 30, 2007, 4:58:50 AM
On Sat, Jul 28, 2007 at 05:02:58PM -0500,
Chris <cpol...@embarqmail.com> wrote
a message of 56 lines which said:

> And this @ 10800 IN SOA <name-of-server>. <contact-email>
> "rfc1918.sth.netnod.se"? And "hostmaster.netnod.se" as the
> contact-email?

Not at all. These are the information for AS 112 (see
http://www.as112.net/). You should put *your* information in this
file.
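
An added example (not from this thread, the ISC FAQ or AS112) in Python that ties the two halves of the discussion together: it parses named log lines of the kind Chris quoted, maps each leaked in-addr.arpa name back to the RFC 1918 block and to the empty zone from the FAQ that would have answered it locally, and renders the named.conf stanzas plus the "empty" zone file with the operator's own server and contact filled in, as Stephane's last reply says to do. The log lines and the names ns1.example.net / hostmaster@example.net are constructed placeholders.

```python
import re
import ipaddress

# Constructed sample log lines in the format shown at the top of the thread (not real data).
SAMPLE_LOG = """\
localhost named[4436]: client 127.0.0.1#33109: RFC 1918 response from Internet for 2.2.168.192.in-addr.arpa
localhost named[4436]: client 192.168.1.20#5353: RFC 1918 response from Internet for 7.0.0.10.in-addr.arpa
localhost named[4436]: client 192.168.1.21#41000: RFC 1918 response from Internet for 9.3.20.172.in-addr.arpa
"""
LOG_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: RFC 1918 response from Internet "
                    r"for (?P<name>[\d.]+)\.in-addr\.arpa", re.IGNORECASE)
# Reverse zones for the RFC 1918 blocks, the same set the ISC FAQ lists:
# one for 10/8, one per /16 inside 172.16/12, and one for 192.168/16.
RFC1918_ZONES = (["10.IN-ADDR.ARPA"] + [f"{n}.172.IN-ADDR.ARPA" for n in range(16, 32)]
                 + ["168.192.IN-ADDR.ARPA"])

def reverse_name_to_ip(name):
    """'2.2.168.192' (the labels before .in-addr.arpa) -> IPv4Address('192.168.2.2')."""
    return ipaddress.IPv4Address(".".join(reversed(name.split("."))))

def covering_zone(ip):
    """Return the RFC 1918 reverse zone that would answer for ip, or None if ip is public."""
    for zone in RFC1918_ZONES:
        labels = zone[:-len(".IN-ADDR.ARPA")].split(".")                # e.g. ['16', '172']
        prefix = ".".join(reversed(labels)) + ".0" * (4 - len(labels))  # '172.16.0.0'
        if ip in ipaddress.ip_network(f"{prefix}/{8 * len(labels)}"):
            return zone
    return None

def summarize_leaks(log_text):
    """Map each leaked reverse zone to the set of clients whose lookups escaped to the Internet."""
    leaks = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            zone = covering_zone(reverse_name_to_ip(m.group("name")))
            if zone:
                leaks.setdefault(zone, set()).add(m.group("client"))
    return leaks

def named_conf_stanzas(zones):
    """named.conf stanzas in the form the FAQ shows, one per zone."""
    return "".join(f'zone "{z}" {{\n\ttype master;\n\tfile "empty";\n}};\n' for z in zones)

def empty_zone_file(server, contact):
    """The FAQ's 'empty' file with the operator's own server/contact (not AS112's); '@' becomes '.'."""
    rname = contact.replace("@", ".", 1)  # SOA RNAME form of the e-mail address
    return (f"@ 10800 IN SOA {server}. {rname}. ( 1 3600 1200 604800 10800 )\n"
            f"@ 10800 IN NS {server}.\n")
```

Running summarize_leaks over a real named log tells you both which clients are leaking and which of the 18 stanzas you actually need, though configuring all of them is harmless.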

