[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] strange problem resolving addresses
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Steve,
That is the catch. I do have an internal DNS server. It has the problem.
I have server names set up in it so I could do a fake internal zone. The
DNS bypasses that now and looks up to the internet now for them. I have a
backup DNS on the outside. It really isn't affected because it never sees
10.x addresses just the legal NATted ones. Yes they do show up in my
firewall to, but I am not too worried about that.
Now how do I explain to users they have problems getting into the intranet
because some one out on the internet changed a setting. They will think I
was making it up. ;)
Yes it was a VERY stupid thing for them to do!
I have in contact with many other institutions with the same issue. It is
probably a global wide issue.
Thanks,
James Byrd
-----Original Message-----
From: Steve McBride [mailto:steve@zoneoftrust.com]
Sent: Wednesday, April 21, 1999 12:11 PM
To: 'JByrd@iucu.org'; AlexJohnston@tcbk.com; lp6356@alpha.rwu.edu;
uncleron@geocities.com; fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] strange problem resolving addresses
It is something that's on the root servers, I guess. Every nslookup I
do for an IP address in the RFC 1918 range comes back as named
"read-rfc1918-for-details.iana.net"
Pretty stupid thing to do - the only way around it that I know of is
either an internal DNS server or maybe a hosts file local to your
firewall.
Steve McBride
-----Original Message-----
From: JByrd@iucu.org [mailto:JByrd@iucu.org]
Sent: Wednesday, April 21, 1999 10:06 AM
To: AlexJohnston@tcbk.com; lp6356@alpha.rwu.edu; uncleron@geocities.com;
fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] strange problem resolving addresses
I have dealt with the same issue all morning. How many of you out there
has
this affected? Is this a new DNS server hole? A problem with the root
servers? I have had to turn off internal DNS of my 10.x network to get
some
of my critical systems going again, because it was affecting them.
Is there a fix??
Thanks,,
James Byrd
PC/LAN Manager
-----Original Message-----
From: Alex Johnston [mailto:AlexJohnston@tcbk.com]
Sent: Wednesday, April 21, 1999 12:07 PM
To: 'Larry Pesce'; uncleron@geocities.com;
fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] strange problem resolving addresses
NT here, last night all my RFC 1918 addressed devices began reporting
there
address in the logs as read-rfc1918-for-details.iana.net as well.
This does prove a problem as any log files exported will now have
read-rfc1918-for-details.iana.net as the resolved address....any log
cruncher's defined queries are now worthless as all RFC1918 devices now
have
one address... read-rfc1918-for-details.iana.net !! (GRRR)
How many other people have seen this? I thought it was my server unable
to
handle load of name resolution...
But we now have two others, on different platforms, with the same
symptoms
on the same day...
Anybody else want to volunteer info??
Alex
-----Original Message-----
From: Larry Pesce [SMTP:lp6356@alpha.rwu.edu]
Sent: Wednesday, April 21, 1999 8:43 AM
To: uncleron@geocities.com;
fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] strange problem resolving addresses
I noticed a similar type of occurence today too...
We use HP OpenView to manage our network, and it automaticaly
discovers
nodes using ARP tables from routers. A few months ago we
attached
our
network via ATM over Sonnet to another hospital, but HP OV did
not
discover
anything across our ATM router to the other hospital....untill
last
night.
And all of the other devices that were discovered at the other
hopital came
through with the same definition:
read-rfc1918-for-details.iana.net
The other hospital uses a network 172.25.X.X and you are using
192.168.X.X which are NOT in the range of address reserved for
private
internal networks, although close. The reserved networks are
listed
in
RFC1918.
I'm thinking the IANA did something to notify all of those users
that are
using IP classes that are not specifcaly reserved for private
internal use,
but are using addresses that are close???
Any one have any ideas?
-Larry
----- Original Message -----
From: <uncleron@geocities.com>
To: <fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Wednesday, April 21, 1999 10:51 AM
Subject: [FW1] strange problem resolving addresses
>
> When I have address resolution turned on in the log viewer, my
private
> address machines (192.168.x.x) are resolved as
read-rfc-1918-for
> -details.iana.net. This started yesterday with 1 or 2
machines,
this
> morning all of the machines which get their address via DHCP
resolve to
> this name. Firewall is 3.0b build 3083 on Solaris, no changes
have been
> made to the system since applying 3083 in January.
>
> Any ideas?
>
> Thanks,
>
> Ron
>
>
>
>
========================================================================
====
====
> To unsubscribe from this mailing list, please see the
instructions at
> http://www.checkpoint.com/services/mailing.html
>
========================================================================
====
====
>
From bouncbot@us.checkpoint.com Wed Apr 21 08:57:39 1999
Return-Path: <bouncbot>
Received: by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.7) id
IAA15259
for jwright@us.checkpoint.com; Wed, 21 Apr 1999 08:57:38
-0700 (PDT)
Received: from hale-bopp.ts.checkpoint.com
(hale-bopp.ts.checkpoint.com [204.156.136.27])
by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.7) with
ESMTP id
IAA15249
for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
08:57:37 -0700 (PDT)
From: owner-fw-1-mailinglist@us.checkpoint.com
Received: from softwhisper.us.checkpoint.com
(softwhisper.us.checkpoint.com [206.184.151.213])
by hale-bopp.ts.checkpoint.com (8.9.3/8.9.3/CPmx/1.1)
with
ESMTP id KAA10983
for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
10:57:35 -0500 (CDT)
Received: (from majordom@localhost)
by softwhisper.us.checkpoint.com
(8.9.3/8.9.3/CPsoftwhisper/1.2.1) id IAA06970;
Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
Date: Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
Message-Id:
<199904211557.IAA06970@softwhisper.us.checkpoint.com>
To: owner-fw-1-mailinglist@lists.us.checkpoint.com
Subject: BOUNCE fw-1-mailinglist@lists.us.checkpoint.com:
Non-member submission from ["Larry Pesce" <lp6356@alpha.rwu.edu>]
X-Loop: bouncbot
Status: RO
Content-Length: 3573
Lines: 109
>From bouncbot Wed Apr 21 08:57:31 1999
Received: from hale-bopp.ts.checkpoint.com
(hale-bopp.ts.checkpoint.com [204.156.136.27])
by softwhisper.us.checkpoint.com
(8.9.3/8.9.3/CPsoftwhisper/1.2.1) with ESMTP id IAA06965
for <fw-1-mailinglist@lists.us.checkpoint.com>; Wed, 21
Apr
1999 08:57:31 -0700 (PDT)
Received: from alpha.rwu.edu (alpha.rwu.edu [12.15.139.2])
by hale-bopp.ts.checkpoint.com (8.9.3/8.9.3/CPmx/1.1)
with
SMTP id KAA10901
for <fw-1-mailinglist@lists.us.checkpoint.com>; Wed, 21
Apr
1999 10:55:58 -0500 (CDT)
Received: from host205.wihri.org by alpha.rwu.edu
(5.65v4.0/1.1.19.2/28Dec98-0430PM)
id AA03387; Wed, 21 Apr 1999 11:49:45 -0400
Message-Id: <003501be8c0e$a7bf5e80$82118b9f@wihri.org>
From: "Larry Pesce" <lp6356@alpha.rwu.edu>
To: <uncleron@geocities.com>,
<fw-1-mailinglist@lists.us.checkpoint.com>
References: <371DE5EE.D5D28857@geocities.com>
Subject: Re: [FW1] strange problem resolving addresses
Date: Wed, 21 Apr 1999 11:49:26 -0400
Mime-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300
More info....sent to me by someone
>Larry,
>I think I might have a bit of information for the puzzle :)
>Last year this happened to a few of our linux proxies when IANA
did
>something :) But we wised up and setup host/dns entries for
each of
the
>customer proxies that were effected, and future ones :)
>
>It looks like this time around, IANA have added reverse dns on
every
>single private ip address :
>
>nslookup 10.0.0.5 128.9.128.127
>Server: darkstar.isi.edu
>Address: 128.9.128.127
>
>Name: read-rfc1918-for-details.iana.net
>Address: 10.0.0.5
>
>[johnb@shell johnb]$ nslookup 10.0.5.5 128.9.128.127
>Server: darkstar.isi.edu
>Address: 128.9.128.127
>
>Name: read-rfc1918-for-details.iana.net
>Address: 10.0.5.5
>
>[johnb@shell johnb]$ nslookup 10.25.5.5 128.9.128.127
>Server: darkstar.isi.edu
>Address: 128.9.128.127
>
>Name: read-rfc1918-for-details.iana.net
>Address: 10.25.5.5
>
>[johnb@shell johnb]$ nslookup 172.16.40.4 128.9.128.127
>Server: darkstar.isi.edu
>Address: 128.9.128.127
>
>Name: read-rfc1918-for-details.iana.net
>Address: 172.16.40.4
>
>But the forward doesn't resolve :)
>
>I'm thinking iana did this because there are more idiot admins
popping up
>trying to announce 10.x networks on routers and stuff like
that.
>
>Regards
>
>John Buswell
>Systems Administrator
>OneNet Communications, Inc.
>(513) 618-1000 - johnb@one.net
>
----- Original Message -----
From: <uncleron@geocities.com>
To: <fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Wednesday, April 21, 1999 10:51 AM
Subject: [FW1] strange problem resolving addresses
>
> When I have address resolution turned on in the log viewer, my
private
> address machines (192.168.x.x) are resolved as
read-rfc-1918-for
> -details.iana.net. This started yesterday with 1 or 2
machines,
this
> morning all of the machines which get their address via DHCP
resolve to
> this name. Firewall is 3.0b build 3083 on Solaris, no changes
have been
> made to the system since applying 3083 in January.
>
> Any ideas?
>
> Thanks,
>
> Ron
>
>
>
>
========================================================================
====
====
> To unsubscribe from this mailing list, please see the
instructions at
> http://www.checkpoint.com/services/mailing.html
>
========================================================================
====
====
>
========================================================================
====
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
========================================================================
====
====
========================================================================
====
====
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html
========================================================================
====
====
========================================================================
========
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html
========================================================================
========
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================