[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] strange problem resolving addresses
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
I have dealt with the same issue all morning. How many of you out there has
this affected? Is this a new DNS server hole? A problem with the root
servers? I have had to turn off internal DNS of my 10.x network to get some
of my critical systems going again, because it was affecting them.
Is there a fix??
Thanks,,
James Byrd
PC/LAN Manager
-----Original Message-----
From: Alex Johnston [mailto:AlexJohnston@tcbk.com]
Sent: Wednesday, April 21, 1999 12:07 PM
To: 'Larry Pesce'; uncleron@geocities.com;
fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] strange problem resolving addresses
NT here, last night all my RFC 1918 addressed devices began reporting there
address in the logs as read-rfc1918-for-details.iana.net as well.
This does prove a problem as any log files exported will now have
read-rfc1918-for-details.iana.net as the resolved address....any log
cruncher's defined queries are now worthless as all RFC1918 devices now have
one address... read-rfc1918-for-details.iana.net !! (GRRR)
How many other people have seen this? I thought it was my server unable to
handle load of name resolution...
But we now have two others, on different platforms, with the same symptoms
on the same day...
Anybody else want to volunteer info??
Alex
-----Original Message-----
From: Larry Pesce [SMTP:lp6356@alpha.rwu.edu]
Sent: Wednesday, April 21, 1999 8:43 AM
To: uncleron@geocities.com;
fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] strange problem resolving addresses
I noticed a similar type of occurence today too...
We use HP OpenView to manage our network, and it automaticaly
discovers
nodes using ARP tables from routers. A few months ago we attached
our
network via ATM over Sonnet to another hospital, but HP OV did not
discover
anything across our ATM router to the other hospital....untill last
night.
And all of the other devices that were discovered at the other
hopital came
through with the same definition: read-rfc1918-for-details.iana.net
The other hospital uses a network 172.25.X.X and you are using
192.168.X.X which are NOT in the range of address reserved for
private
internal networks, although close. The reserved networks are listed
in
RFC1918.
I'm thinking the IANA did something to notify all of those users
that are
using IP classes that are not specifcaly reserved for private
internal use,
but are using addresses that are close???
Any one have any ideas?
-Larry
----- Original Message -----
From: <uncleron@geocities.com>
To: <fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Wednesday, April 21, 1999 10:51 AM
Subject: [FW1] strange problem resolving addresses
>
> When I have address resolution turned on in the log viewer, my
private
> address machines (192.168.x.x) are resolved as read-rfc-1918-for
> -details.iana.net. This started yesterday with 1 or 2 machines,
this
> morning all of the machines which get their address via DHCP
resolve to
> this name. Firewall is 3.0b build 3083 on Solaris, no changes
have been
> made to the system since applying 3083 in January.
>
> Any ideas?
>
> Thanks,
>
> Ron
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the
instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
From bouncbot@us.checkpoint.com Wed Apr 21 08:57:39 1999
Return-Path: <bouncbot>
Received: by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.7) id IAA15259
for jwright@us.checkpoint.com; Wed, 21 Apr 1999 08:57:38
-0700 (PDT)
Received: from hale-bopp.ts.checkpoint.com
(hale-bopp.ts.checkpoint.com [204.156.136.27])
by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.7) with ESMTP id
IAA15249
for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
08:57:37 -0700 (PDT)
From: owner-fw-1-mailinglist@us.checkpoint.com
Received: from softwhisper.us.checkpoint.com
(softwhisper.us.checkpoint.com [206.184.151.213])
by hale-bopp.ts.checkpoint.com (8.9.3/8.9.3/CPmx/1.1) with
ESMTP id KAA10983
for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
10:57:35 -0500 (CDT)
Received: (from majordom@localhost)
by softwhisper.us.checkpoint.com
(8.9.3/8.9.3/CPsoftwhisper/1.2.1) id IAA06970;
Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
Date: Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
Message-Id: <199904211557.IAA06970@softwhisper.us.checkpoint.com>
To: owner-fw-1-mailinglist@lists.us.checkpoint.com
Subject: BOUNCE fw-1-mailinglist@lists.us.checkpoint.com:
Non-member submission from ["Larry Pesce" <lp6356@alpha.rwu.edu>]
X-Loop: bouncbot
Status: RO
Content-Length: 3573
Lines: 109
>From bouncbot Wed Apr 21 08:57:31 1999
Received: from hale-bopp.ts.checkpoint.com
(hale-bopp.ts.checkpoint.com [204.156.136.27])
by softwhisper.us.checkpoint.com
(8.9.3/8.9.3/CPsoftwhisper/1.2.1) with ESMTP id IAA06965
for <fw-1-mailinglist@lists.us.checkpoint.com>; Wed, 21 Apr
1999 08:57:31 -0700 (PDT)
Received: from alpha.rwu.edu (alpha.rwu.edu [12.15.139.2])
by hale-bopp.ts.checkpoint.com (8.9.3/8.9.3/CPmx/1.1) with
SMTP id KAA10901
for <fw-1-mailinglist@lists.us.checkpoint.com>; Wed, 21 Apr
1999 10:55:58 -0500 (CDT)
Received: from host205.wihri.org by alpha.rwu.edu
(5.65v4.0/1.1.19.2/28Dec98-0430PM)
id AA03387; Wed, 21 Apr 1999 11:49:45 -0400
Message-Id: <003501be8c0e$a7bf5e80$82118b9f@wihri.org>
From: "Larry Pesce" <lp6356@alpha.rwu.edu>
To: <uncleron@geocities.com>,
<fw-1-mailinglist@lists.us.checkpoint.com>
References: <371DE5EE.D5D28857@geocities.com>
Subject: Re: [FW1] strange problem resolving addresses
Date: Wed, 21 Apr 1999 11:49:26 -0400
Mime-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300
More info....sent to me by someone
>Larry,
>I think I might have a bit of information for the puzzle :)
>Last year this happened to a few of our linux proxies when IANA did
>something :) But we wised up and setup host/dns entries for each of
the
>customer proxies that were effected, and future ones :)
>
>It looks like this time around, IANA have added reverse dns on
every
>single private ip address :
>
>nslookup 10.0.0.5 128.9.128.127
>Server: darkstar.isi.edu
>Address: 128.9.128.127
>
>Name: read-rfc1918-for-details.iana.net
>Address: 10.0.0.5
>
>[johnb@shell johnb]$ nslookup 10.0.5.5 128.9.128.127
>Server: darkstar.isi.edu
>Address: 128.9.128.127
>
>Name: read-rfc1918-for-details.iana.net
>Address: 10.0.5.5
>
>[johnb@shell johnb]$ nslookup 10.25.5.5 128.9.128.127
>Server: darkstar.isi.edu
>Address: 128.9.128.127
>
>Name: read-rfc1918-for-details.iana.net
>Address: 10.25.5.5
>
>[johnb@shell johnb]$ nslookup 172.16.40.4 128.9.128.127
>Server: darkstar.isi.edu
>Address: 128.9.128.127
>
>Name: read-rfc1918-for-details.iana.net
>Address: 172.16.40.4
>
>But the forward doesn't resolve :)
>
>I'm thinking iana did this because there are more idiot admins
popping up
>trying to announce 10.x networks on routers and stuff like that.
>
>Regards
>
>John Buswell
>Systems Administrator
>OneNet Communications, Inc.
>(513) 618-1000 - johnb@one.net
>
----- Original Message -----
From: <uncleron@geocities.com>
To: <fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Wednesday, April 21, 1999 10:51 AM
Subject: [FW1] strange problem resolving addresses
>
> When I have address resolution turned on in the log viewer, my
private
> address machines (192.168.x.x) are resolved as read-rfc-1918-for
> -details.iana.net. This started yesterday with 1 or 2 machines,
this
> morning all of the machines which get their address via DHCP
resolve to
> this name. Firewall is 3.0b build 3083 on Solaris, no changes
have been
> made to the system since applying 3083 in January.
>
> Any ideas?
>
> Thanks,
>
> Ron
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the
instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
============================================================================
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================