In message <cagdn3fe22-rh0gcp3soym5d2snykex7_m7fdhj_kde00y9u...@mail.gmail.com>, Carlos Ribas writes:
> Hello,
>
>     I'm sending this message to see if I understood the meaning of " RFC
> 1918 response from Internet" message logs. I read the FAQ of Bind [1], but
> I have to be honest to say that I'm a little bit confused, since English is
> not my first language.
>
>     I'm using Bind 9.7.3 in a Debian server. It has a file named
> zones.rfc1918 [2] that is enabled. I just took off the line referring to
> 10.0.0.0 network because I'm using it in my organization. I have the
> reverse configured for my network, eg: 1.0.10.in-addr.arpa, but I don't have
> the reverse for the rest of this network.

Add a 10.in-addr.arpa zone to your configuration that delegates
1.0.10.in-addr.arpa. This will catch any leaks.

    $TTL 3600
    @    SOA  ns1.example.net. hostmaster.example.net. 1 3600 1200 2419200 3600
    @    NS   ns1.example.net.
    @    NS   ns2.example.net.
    ; delegation for 1.0.10.in-addr.arpa (relative to the 10.in-addr.arpa origin)
    1.0  NS   ns1.example.net.
    1.0  NS   ns2.example.net.

>     If, by mistake or not, a client asks for an address in the 10.0.2.0
> network, my server will query the Internet's name servers for this
> address once I don't have it configured and then I will receive message logs
> about it [3]. Is that correct?
>
> [1] - http://www.bind9.net/BIND-FAQ
>
> [2] - zones.rfc1918 file:
> zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
> zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
>
> zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
>
> [3] Message logs:
> 04-Apr-2012 18:15:25.099 security: client 10.0.1.13#47738: view internal: RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa
> 04-Apr-2012 18:21:09.245 security: client 10.0.1.13#42000: view internal: RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa
>
>
> Best regards,
>
> ---------------------------------
> Carlos Eduardo Ribas
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
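
Added example (not part of the original thread, and not ISC code): a small Python check that reads the "RFC 1918 response from Internet" log lines quoted above and reports, for each leaked reverse name, the most specific locally configured zone that would answer it. The function names and the BEFORE/AFTER zone lists are assumptions built from the zones named in the thread.

```python
import re
from collections import Counter

# named "security" category message, in the format quoted in the post
LEAK_RE = re.compile(
    r"security: client (?P<client>[0-9a-fA-F.:]+)#\d+: (?:view \S+: )?"
    r"RFC 1918 response from Internet for (?P<qname>\S+)")

def covering_zone(qname, zones):
    """Return the most specific configured zone containing qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    served = {z.rstrip(".").lower() for z in zones}
    for i in range(len(labels)):              # try the longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in served:
            return candidate
    return None

def leak_report(log_lines, zones):
    """Map (client, qname) -> (hit count, covering zone or None)."""
    hits = Counter()
    for line in log_lines:
        m = LEAK_RE.search(line)
        if m:
            hits[(m["client"], m["qname"])] += 1
    return {key: (n, covering_zone(key[1], zones)) for key, n in hits.items()}

# Log lines as they appear in the post
SAMPLE_LOG = [
    "04-Apr-2012 18:15:25.099 security: client 10.0.1.13#47738: view internal: "
    "RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa",
    "04-Apr-2012 18:21:09.245 security: client 10.0.1.13#42000: view internal: "
    "RFC 1918 response from Internet for 50.2.0.10.in-addr.arpa",
]
# Assumed zone lists: the setup described in the post, then with the parent zone added
BEFORE = [f"{n}.172.in-addr.arpa" for n in range(16, 32)] + [
    "168.192.in-addr.arpa", "1.0.10.in-addr.arpa"]
AFTER = BEFORE + ["10.in-addr.arpa"]

if __name__ == "__main__":
    for label, zones in (("before", BEFORE), ("after", AFTER)):
        for (client, qname), (count, zone) in leak_report(SAMPLE_LOG, zones).items():
            print(label, client, qname, count, zone or "no local zone covers it")
```

With the zones from the post, 50.2.0.10.in-addr.arpa has no covering zone; once 10.in-addr.arpa is configured it is answered locally, while names under 1.0.10.in-addr.arpa still resolve through the more specific zone.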