[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] strange problem resolving addresses



    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


I have dealt with the same issue all morning.  How many of you out there has
this affected?  Is this a new DNS server hole?  A problem with the root
servers?  I have had to turn off internal DNS of my 10.x network to get some
of my critical systems going again, because it was affecting them.  

Is there a fix?? 

Thanks,,
James Byrd
PC/LAN Manager 

-----Original Message-----
From: Alex Johnston [mailto:AlexJohnston@tcbk.com]
Sent: Wednesday, April 21, 1999 12:07 PM
To: 'Larry Pesce'; uncleron@geocities.com;
fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] strange problem resolving addresses



NT here, last night all my RFC 1918 addressed devices began reporting there
address in the logs as read-rfc1918-for-details.iana.net as well.

This does prove a problem as any log files exported will now have
read-rfc1918-for-details.iana.net as the resolved address....any log
cruncher's defined queries are now worthless as all RFC1918 devices now have
one address... read-rfc1918-for-details.iana.net !! (GRRR)

How many other people have seen this?  I thought it was my server unable to
handle load of name resolution...
But we now have two others, on different platforms, with the same symptoms
on the same day...

Anybody else want to volunteer info??

Alex

	-----Original Message-----
	From:	Larry Pesce [SMTP:lp6356@alpha.rwu.edu]
	Sent:	Wednesday, April 21, 1999 8:43 AM
	To:	uncleron@geocities.com;
fw-1-mailinglist@lists.us.checkpoint.com
	Subject:	Re: [FW1] strange problem resolving addresses


	I noticed a similar type of occurence today too...

	We use HP OpenView to manage our network, and it automaticaly
discovers
	nodes using ARP tables from routers.  A few months ago we attached
our
	network via ATM over Sonnet to another hospital, but HP OV did not
discover
	anything across our ATM router to the other hospital....untill last
night.
	And all of the other devices that were discovered at the other
hopital came
	through with the same definition: read-rfc1918-for-details.iana.net

	The other hospital uses a network 172.25.X.X and you are using
	192.168.X.X which are NOT in the range of address reserved for
private
	internal networks, although close.  The reserved networks are listed
in
	RFC1918.

	I'm thinking the IANA did something to notify all of those users
that are
	using IP classes that are not specifcaly reserved for private
internal use,
	but are using addresses that are close???

	Any one have any ideas?

	-Larry

	----- Original Message -----
	From: <uncleron@geocities.com>
	To: <fw-1-mailinglist@lists.us.checkpoint.com>
	Sent: Wednesday, April 21, 1999 10:51 AM
	Subject: [FW1] strange problem resolving addresses


	>
	> When I have address resolution turned on in the log viewer, my
private
	> address machines (192.168.x.x) are resolved as read-rfc-1918-for
	> -details.iana.net.  This started yesterday with 1 or 2 machines,
this
	> morning all of the machines which get their address via DHCP
resolve to
	> this name.  Firewall is 3.0b build 3083 on Solaris, no changes
have been
	> made to the system since applying 3083 in January.
	>
	> Any ideas?
	>
	> Thanks,
	>
	> Ron
	>
	>
	>
	>
	
============================================================================
	====
	>      To unsubscribe from this mailing list, please see the
instructions at
	>                http://www.checkpoint.com/services/mailing.html
	>
	
============================================================================
	====
	>

	From bouncbot@us.checkpoint.com  Wed Apr 21 08:57:39 1999
	Return-Path: <bouncbot>
	Received: by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.7) id IAA15259
		for jwright@us.checkpoint.com; Wed, 21 Apr 1999 08:57:38
-0700 (PDT)
	Received: from hale-bopp.ts.checkpoint.com
(hale-bopp.ts.checkpoint.com [204.156.136.27])
		by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.7) with ESMTP id
IAA15249
		for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
08:57:37 -0700 (PDT)
	From: owner-fw-1-mailinglist@us.checkpoint.com
	Received: from softwhisper.us.checkpoint.com
(softwhisper.us.checkpoint.com [206.184.151.213])
		by hale-bopp.ts.checkpoint.com (8.9.3/8.9.3/CPmx/1.1) with
ESMTP id KAA10983
		for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
10:57:35 -0500 (CDT)
	Received: (from majordom@localhost)
		by softwhisper.us.checkpoint.com
(8.9.3/8.9.3/CPsoftwhisper/1.2.1) id IAA06970;
		Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
	Date: Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
	Message-Id: <199904211557.IAA06970@softwhisper.us.checkpoint.com>
	To: owner-fw-1-mailinglist@lists.us.checkpoint.com
	Subject: BOUNCE fw-1-mailinglist@lists.us.checkpoint.com:
Non-member submission from ["Larry Pesce" <lp6356@alpha.rwu.edu>]   
	X-Loop: bouncbot
	Status: RO
	Content-Length: 3573
	Lines: 109

	>From bouncbot  Wed Apr 21 08:57:31 1999
	Received: from hale-bopp.ts.checkpoint.com
(hale-bopp.ts.checkpoint.com [204.156.136.27])
		by softwhisper.us.checkpoint.com
(8.9.3/8.9.3/CPsoftwhisper/1.2.1) with ESMTP id IAA06965
		for <fw-1-mailinglist@lists.us.checkpoint.com>; Wed, 21 Apr
1999 08:57:31 -0700 (PDT)
	Received: from alpha.rwu.edu (alpha.rwu.edu [12.15.139.2])
		by hale-bopp.ts.checkpoint.com (8.9.3/8.9.3/CPmx/1.1) with
SMTP id KAA10901
		for <fw-1-mailinglist@lists.us.checkpoint.com>; Wed, 21 Apr
1999 10:55:58 -0500 (CDT)
	Received: from host205.wihri.org by alpha.rwu.edu
(5.65v4.0/1.1.19.2/28Dec98-0430PM)
		id AA03387; Wed, 21 Apr 1999 11:49:45 -0400
	Message-Id: <003501be8c0e$a7bf5e80$82118b9f@wihri.org>
	From: "Larry Pesce" <lp6356@alpha.rwu.edu>
	To: <uncleron@geocities.com>,
<fw-1-mailinglist@lists.us.checkpoint.com>
	References: <371DE5EE.D5D28857@geocities.com>
	Subject: Re: [FW1] strange problem resolving addresses
	Date: Wed, 21 Apr 1999 11:49:26 -0400
	Mime-Version: 1.0
	Content-Type: text/plain;
		charset="iso-8859-1"
	Content-Transfer-Encoding: 7bit
	X-Priority: 3
	X-Msmail-Priority: Normal
	X-Mailer: Microsoft Outlook Express 5.00.2314.1300
	X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300

	More info....sent to me by someone

	>Larry,

	>I think I might have a bit of information for the puzzle :)
	>Last year this happened to a few of our linux proxies when IANA did
	>something :) But we wised up and setup host/dns entries for each of
the
	>customer proxies that were effected, and future ones :)
	>
	>It looks like this time around, IANA have added reverse dns on
every
	>single private ip address :
	>
	>nslookup 10.0.0.5 128.9.128.127
	>Server:  darkstar.isi.edu
	>Address:  128.9.128.127
	>
	>Name:    read-rfc1918-for-details.iana.net
	>Address:  10.0.0.5
	>
	>[johnb@shell johnb]$ nslookup 10.0.5.5 128.9.128.127
	>Server:  darkstar.isi.edu
	>Address:  128.9.128.127
	>
	>Name:    read-rfc1918-for-details.iana.net
	>Address:  10.0.5.5
	>
	>[johnb@shell johnb]$ nslookup 10.25.5.5 128.9.128.127
	>Server:  darkstar.isi.edu
	>Address:  128.9.128.127
	>
	>Name:    read-rfc1918-for-details.iana.net
	>Address:  10.25.5.5
	>
	>[johnb@shell johnb]$ nslookup 172.16.40.4 128.9.128.127
	>Server:  darkstar.isi.edu
	>Address:  128.9.128.127
	>
	>Name:    read-rfc1918-for-details.iana.net
	>Address:  172.16.40.4
	>
	>But the forward doesn't resolve :)
	>
	>I'm thinking iana did this because there are more idiot admins
popping up
	>trying to announce 10.x networks on routers and stuff like that.
	>
	>Regards
	>
	>John Buswell
	>Systems Administrator
	>OneNet Communications, Inc.
	>(513) 618-1000 - johnb@one.net
	>

	----- Original Message -----
	From: <uncleron@geocities.com>
	To: <fw-1-mailinglist@lists.us.checkpoint.com>
	Sent: Wednesday, April 21, 1999 10:51 AM
	Subject: [FW1] strange problem resolving addresses


	>
	> When I have address resolution turned on in the log viewer, my
private
	> address machines (192.168.x.x) are resolved as read-rfc-1918-for
	> -details.iana.net.  This started yesterday with 1 or 2 machines,
this
	> morning all of the machines which get their address via DHCP
resolve to
	> this name.  Firewall is 3.0b build 3083 on Solaris, no changes
have been
	> made to the system since applying 3083 in January.
	>
	> Any ideas?
	>
	> Thanks,
	>
	> Ron
	>
	>
	>
	>
	
============================================================================
	====
	>      To unsubscribe from this mailing list, please see the
instructions at
	>                http://www.checkpoint.com/services/mailing.html
	>
	
============================================================================
	====
	>



	
============================================================================
====
	     To unsubscribe from this mailing list, please see the
instructions at
	               http://www.checkpoint.com/services/mailing.html
	
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================