
Re: My ISP's private address space has dns entries available on the public net , is this right ?


Kevin Darcy

Aug 10, 2010, 10:36:42 AM
to bind-...@lists.isc.org
Well, RFC 1918 *itself* says you shouldn't do this:

If an enterprise uses the private address space, or a mix of private and public address spaces, then DNS clients outside of the enterprise should not see addresses in the private address space used by the enterprise, since these addresses would be ambiguous.
(In Section 5, Operational Considerations).

But, you should understand that RFC 1918 itself is only a "BCP" (Best Current Practice), not a Standards-Track document, so you can't really call the RFC Police on them.

On the other hand, common sense would dictate that if you use RFC 1918 at all, you shouldn't pick and choose which parts of it you follow and which parts you don't. The arguments go both ways on this point, see e.g. http://www.merit.edu/mail.archives/nanog/2006-09/msg00359.html

- Kevin

On 8/9/2010 8:09 PM, donovan jeffrey j wrote:
Greetings

my isp has some private address space which has dns resolution and can be queried from the outside world.

I asked them about this because we use this private address space and it is showing up in our DNS lookups. here was their response;

   I've discussed this with our systems administrators and have been told that this is performing as expected.  ISP DNS servers do contain information about private addresses that are in use on our network.  If you are utilizing our DNS servers, you will see resolution of private IPs to ISP hostnames when appropriate.  That will not occur using external DNS servers.  You will see resolution of PTD hostnames to private IPs from external servers, but not IP resolution to hostnames.  As long as reverse DNS (IP to hostname) is not propagating, things are functioning normally.
    
so even from google public dns i see lookups that refer back to a private address space on my ISP's net.

is that right ?
-j
_______________________________________________
bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



  

Warren Kumari

Aug 10, 2010, 2:11:23 PM
to Matus UHLAR - fantomas, bind-...@lists.isc.org

On Aug 10, 2010, at 11:01 AM, Matus UHLAR - fantomas wrote:

> On 09.08.10 20:09, donovan jeffrey j wrote:
>> my isp has some private address space which has dns resolution and can be
>> queried from the outside world.
>>
>> I asked them about this because we use this private address space and it
>> is showing up in our DNS lookups. here was their response;
>>
>>> I've discussed this with our systems administrators and have been
>>> told that this is performing as expected. ISP DNS servers do contain
>>> information about private addresses that are in use on our network.
>>> If you are utilizing our DNS servers, you will see resolution of
>>> private IPs to ISP hostnames when appropriate. That will not occur
>>> using external DNS servers. You will see resolution of PTD hostnames
>>> to private IPs from external servers, but not IP resolution to
>>> hostnames. As long as reverse DNS (IP to hostname) is not
>>> propagating, things are functioning normally.
>>
>> so even from google public dns i see lookups that refer back to a private
>> address space on my ISP's net.
>
> what exactly do you see? Do its servers resolve "internal.isp.net" to
> private address? Do they respond to reverse lookups of private addresses
> with some private info?
>
> While they should not point any services they provide to internal addresses
> (until they assign private addresses to their clients which becomes quite
> common), it doesn't have to cause troubles, even if it is kind of
> information leak.

Personally I think that this is perfectly fine -- I use RFC1918 addresses at home, and it is convenient to me to be able to refer to my printer as:

wkumari$ dig +noall +answer wk-hp4700.home.ne-where.com
wk-hp4700.home.ne-where.com. 1733 IN A 192.168.0.47

I don't care who knows what the IP address of my printer is -- if anyone wants to know, my NAS is 192.168.0.254, etc.
It all depends on what the zone is used for and what your expectations for it are.

W


>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> How does cat play with mouse? cat /dev/mouse

Greg Whynott

Aug 10, 2010, 10:46:09 AM
to Greg Whynott, bind-...@lists.isc.org
sorry, 1918, not 1812…

On Aug 10, 2010, at 10:43 AM, Greg Whynott wrote:

> I'd say no, and your ISP may need to gain a working knowledge of bind views if they need to resolve 1812 addresses for their own needs without affecting customers who are using the ISP DNS servers as their resolver.
>
> the way you could fix this without their involvement is to bring up your own DNS server which is master for the zone you are using internally. any queries it can't answer, will only then be forwarded off to your ISP.
>
>
> -g


>
>
> On Aug 9, 2010, at 8:09 PM, donovan jeffrey j wrote:
>
>> Greetings
>>
>> my isp has some private address space which has dns resolution and can be queried from the outside world.
>>
>> I asked them about this because we use this private address space and it is showing up in our DNS lookups. here was their response;
>>
>>> I've discussed this with our systems administrators and have been told that this is performing as expected. ISP DNS servers do contain information about private addresses that are in use on our network. If you are utilizing our DNS servers, you will see resolution of private IPs to ISP hostnames when appropriate. That will not occur using external DNS servers. You will see resolution of PTD hostnames to private IPs from external servers, but not IP resolution to hostnames. As long as reverse DNS (IP to hostname) is not propagating, things are functioning normally.
>>
>> so even from google public dns i see lookups that refer back to a private address space on my ISP's net.
>>
>> is that right ?
>> -j

donovan jeffrey j

Aug 9, 2010, 8:09:26 PM
to bind-...@lists.isc.org

Matus UHLAR - fantomas

Aug 10, 2010, 11:01:13 AM
to bind-...@lists.isc.org
On 09.08.10 20:09, donovan jeffrey j wrote:

what exactly do you see? Do its servers resolve "internal.isp.net" to
private address? Do they respond to reverse lookups of private addresses
with some private info?

While they should not point any services they provide to internal addresses
(until they assign private addresses to their clients which becomes quite
common), it doesn't have to cause troubles, even if it is kind of
information leak.

--

Greg Whynott

Aug 10, 2010, 10:43:35 AM
to donovan jeffrey j, bind-...@lists.isc.org
I'd say no, and your ISP may need to gain a working knowledge of bind views if they need to resolve 1812 addresses for their own needs without affecting customers who are using the ISP DNS servers as their resolver.

the way you could fix this without their involvement is to bring up your own DNS server which is master for the zone you are using internally. any queries it can't answer, will only then be forwarded off to your ISP.


-g


On Aug 9, 2010, at 8:09 PM, donovan jeffrey j wrote:

> Greetings
>
> my isp has some private address space which has dns resolution and can be queried from the outside world.
>
> I asked them about this because we use this private address space and it is showing up in our DNS lookups. here was their response;
>
>> I've discussed this with our systems administrators and have been told that this is performing as expected. ISP DNS servers do contain information about private addresses that are in use on our network. If you are utilizing our DNS servers, you will see resolution of private IPs to ISP hostnames when appropriate. That will not occur using external DNS servers. You will see resolution of PTD hostnames to private IPs from external servers, but not IP resolution to hostnames. As long as reverse DNS (IP to hostname) is not propagating, things are functioning normally.
>
> so even from google public dns i see lookups that refer back to a private address space on my ISP's net.
>
> is that right ?
> -j
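
Added example (not part of any post in this thread): a small audit that takes dig-style answer lines or zone-file records and flags what RFC 1918 Section 5 says outside clients should not see, covering both cases the ISP's reply distinguishes: forward A records pointing into private space and PTR records for private reverse names. The function names and all sample records except the printer record quoted in the thread are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # rdata was not an IP literal
        return False
    return any(ip in net for net in RFC1918)

def reverse_name_to_ip(owner):
    """'47.0.168.192.in-addr.arpa.' -> '192.168.0.47'; None otherwise."""
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    octets = labels[3::-1]
    if not all(o.isdecimal() and int(o) <= 255 for o in octets):
        return None
    return ".".join(str(int(o)) for o in octets)

def find_private_records(text):
    """Return (owner, type, address) for records exposing RFC 1918 space."""
    findings = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) < 3:
            continue
        owner, rdata = fields[0], fields[-1]
        # TTL and class are optional, so search the middle fields for the type.
        rtype = next((f for f in map(str.upper, fields[1:-1]) if f in ("A", "PTR")), None)
        if rtype == "A" and is_rfc1918(rdata):
            findings.append((owner, "A", rdata))
        elif rtype == "PTR" and (ip := reverse_name_to_ip(owner)) and is_rfc1918(ip):
            findings.append((owner, "PTR", ip))
    return findings

# Constructed sample; only the first record appears in the thread.
SAMPLE = """\
wk-hp4700.home.ne-where.com. 1733 IN A 192.168.0.47
www.example.net. 300 IN A 203.0.113.5
edge.example.net. IN A 172.32.0.1
core.example.net. A 172.31.255.1
5.1.16.172.in-addr.arpa. 3600 IN PTR host.example.net.
"""

for owner, rtype, ip in find_private_records(SAMPLE):
    print(f"{rtype:3} {owner} -> {ip}")
```

Run it over the answers an outside resolver returns, or over the zone data served to external clients, to see which names would need to move behind an internal-only view.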
