I looked through RFC 1918 and believe I have a bit of a grasp on its meaning
and also looked through the bind users archives but couldn't find anything
close to the above. Is this an error, a warning or just a bit of information?
Apologies for the dumb question if this is in fact one.
Chris
--
Chris
KeyID 0xE372A7DA98E6705C
> Apologies for the dumb question if this is in fact one.
Well, it is a FAQist question :-)
Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
using then you have failed to follow RFC 1918 usage rules and are leaking
queries to the Internet. You should establish your own zones for these
addresses to prevent you querying the Internet's name servers for these
addresses. Please see http://as112.net/ for details of the problems you are
causing and the counter measures that have had to be deployed.
If you are not using these private addresses then a client has queried for
them. You can just ignore the messages, get the offending client to stop
sending you these messages as they are most probably leaking them or setup your
own zones empty zones to serve answers to these queries.
zone "10.IN-ADDR.ARPA" {
type master;
file "empty";
};
zone "16.172.IN-ADDR.ARPA" {
type master;
file "empty";
};
...
zone "31.172.IN-ADDR.ARPA" {
type master;
file "empty";
};
zone "168.192.IN-ADDR.ARPA" {
type master;
file "empty";
};
empty:
@ 10800 IN SOA <name-of-server>. <contact-email>. (
1 3600 1200 604800 10800 )
@ 10800 IN NS <name-of-server>.
Note
Future versions of named are likely to do this automatically.
The faq then goes on to say:
empty:
@ 10800 IN SOA <name-of-server>. <contact-email>. (
1 3600 1200 604800 10800 )
@ 10800 IN NS <name-of-server>.
That is where I'm confused as to what to place in the <name-of server>, and so
forth. Using the example dig @prisoner.iana.org hostname.as112.net any, that
is shown at http://public.as112.net/node/7 I get:
; <<>> DiG 9.4.1 <<>> @prisoner.iana.org hostname.as112.net any
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51027
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;hostname.as112.net. IN ANY
;; ANSWER SECTION:
hostname.as112.net. 15 IN SOA rfc1918.sth.netnod.se.
hostmaster.netnod.se. 2002052700 28800 7200 604800 86400
hostname.as112.net. 15 IN NS blackhole-1.iana.org.
hostname.as112.net. 15 IN TXT "See http://as112.net/ for
more information."
hostname.as112.net. 15 IN TXT "Autonomica" "Stockholm,
Sweden"
;; ADDITIONAL SECTION:
blackhole-1.iana.org. 3600 IN A 192.175.48.6
So should this @ 10800 IN NS <name-of-server>. be "blackhole-1.isna.org"?
And this @ 10800 IN SOA <name-of-server>. <contact-email>
"rfc1918.sth.netnod.se"? And "hostmaster.netnod.se" as the contact-email? Or
am I misunderstanding how this is supposed to be written?
--
Chris
KeyID 0xE372A7DA98E6705C
> And this @ 10800 IN SOA <name-of-server>. <contact-email>
> "rfc1918.sth.netnod.se"? And "hostmaster.netnod.se" as the
> contact-email?
Not at all. These are the information for AS 112 (see
http://www.as112.net/). You should put *your* information in this
file.