
RE: [FW1] strange problem resolving addresses





Easy solution:

Add a scope to your DNS making it the Primary zone for your "fake"
addresses.

For example in BIND all you need to do is:

for the 10.x.x.x range in named.boot add:
primary	10.IN-ADDR.ARPA	rfc1918.db

for the 192.168.x.x range in named.boot add:
primary	168.192.IN-ADDR.ARPA	rfc1918.db

or whatever address range you use

then in the rfc1918.db file add the following:
@    IN SOA  server.domain.com. hostmaster.server.domain.com. (
                              1999033001 ; serial
                              10800      ; refresh
                              3600       ; retry
                              604800     ; expire
                              86400 )    ; minimum
          IN      NS        server.domain.com.

In MS DNS just create a zone for 10.IN-ADDR.ARPA or 168.192.IN-ADDR.ARPA and
make no entries in it.

This makes your DNS a primary server for your "fake" zone.  When your
software tries to resolve the address there, it will discover no address and
use the IPv4 decimal addresses (i.e. 10.1.1.1).

It's not totally legal, but as long as it works....

Daniel Katz
Jr. Network Specialist - Iona College
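
Added example, not part of the original message: the message names only the 10.x.x.x and 192.168.x.x zones, so this Python sketch generalizes it to all three RFC 1918 blocks, including the sixteen /16 zones that 172.16.0.0/12 needs, and emits the same named.boot "primary" lines. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def reverse_zone(network):
    """Return the in-addr.arpa zone for a network on an octet boundary (/8, /16, /24)."""
    if network.prefixlen % 8:
        raise ValueError(f"{network} is not on an octet boundary")
    octets = str(network.network_address).split(".")[: network.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def rfc1918_reverse_zones():
    """List every reverse zone needed to answer PTR queries for RFC 1918 space locally."""
    zones = []
    for block in map(ipaddress.ip_network, RFC1918_BLOCKS):
        # 172.16.0.0/12 is not on an octet boundary: round the prefix up to the
        # next multiple of 8 and emit one zone per resulting subnet (16 x /16).
        aligned = -(-block.prefixlen // 8) * 8
        zones.extend(reverse_zone(net) for net in block.subnets(new_prefix=aligned))
    return zones


def named_boot_lines(zone_file="rfc1918.db"):
    """Render the zones as BIND 4 named.boot 'primary' directives, as in the message."""
    return [f"primary\t{zone.upper()}\t{zone_file}" for zone in rfc1918_reverse_zones()]


def covering_zone(ip, zones=None):
    """Return the local zone that would answer the PTR query for ip, else None."""
    zones = rfc1918_reverse_zones() if zones is None else zones
    qname = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    for zone in zones:
        if qname.endswith("." + zone):
            return zone
    return None  # query leaves the local server and goes to upstream resolvers


if __name__ == "__main__":
    print("\n".join(named_boot_lines()))
    # Constructed sample addresses; 172.25.x.x is the range mentioned in the thread.
    for ip in ("10.1.1.1", "172.25.4.4", "192.168.1.20", "172.32.0.1"):
        print(ip, "->", covering_zone(ip) or "NOT covered locally")
```

Any address for which covering_zone returns None would still have its reverse lookup sent to outside name servers.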


-----Original Message-----
From: Tag Morgan [mailto:tmorgan@softwaresystemsgroup.com]
Sent: Wednesday, April 21, 1999 1:10 PM
To: 'Firewall 1 Mailinglist'
Subject: RE: [FW1] strange problem resolving addresses



Yep.  They updated the inaddr.arpa root servers apparently.  Now all those
rfc1918 addresses are going to resolve to the same name.  Wasn't that nice
of them.


/*-----------------------------------*/
/* I live with FEAR every day.       */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/

K.T. Morgan
Network Engineer
CCSA/CCSE
Software Systems Group, Inc.
(703) 913-0813x39 



> -----Original Message-----
> From: Alex Johnston [mailto:AlexJohnston@tcbk.com]
> Sent: Wednesday, April 21, 1999 1:07 PM
> To: 'Larry Pesce'; uncleron@geocities.com; fw-1-mailinglist@lists.us.checkpoint.com
> Subject: RE: [FW1] strange problem resolving addresses
> 
> 
> 
> NT here, last night all my RFC 1918 addressed devices began reporting their
> address in the logs as read-rfc1918-for-details.iana.net as well.
> 
> This does prove a problem as any log files exported will now have
> read-rfc1918-for-details.iana.net as the resolved address....any log
> cruncher's defined queries are now worthless as all RFC1918 devices now have
> one address... read-rfc1918-for-details.iana.net !! (GRRR)
> 
> How many other people have seen this?  I thought it was my server unable to
> handle load of name resolution...
> But we now have two others, on different platforms, with the same symptoms
> on the same day...
> 
> Anybody else want to volunteer info??
> 
> Alex
> 
> 	-----Original Message-----
> 	From:	Larry Pesce [SMTP:lp6356@alpha.rwu.edu]
> 	Sent:	Wednesday, April 21, 1999 8:43 AM
> 	To:	uncleron@geocities.com; fw-1-mailinglist@lists.us.checkpoint.com
> 	Subject:	Re: [FW1] strange problem resolving addresses
> 
> 
> 	I noticed a similar type of occurrence today too...
> 
> 	We use HP OpenView to manage our network, and it automatically discovers
> 	nodes using ARP tables from routers.  A few months ago we attached our
> 	network via ATM over SONET to another hospital, but HP OV did not discover
> 	anything across our ATM router to the other hospital....until last night.
> 	And all of the other devices that were discovered at the other hospital came
> 	through with the same definition: read-rfc1918-for-details.iana.net
> 
> 	The other hospital uses a network 172.25.X.X and you are using
> 	192.168.X.X which are NOT in the range of address reserved for private
> 	internal networks, although close.  The reserved networks are listed in
> 	RFC1918.
> 
> 	I'm thinking the IANA did something to notify all of those users that are
> 	using IP classes that are not specifically reserved for private internal use,
> 	but are using addresses that are close???
> 
> 	Any one have any ideas?
> 
> 	-Larry
> 
> 	----- Original Message -----
> 	From: <uncleron@geocities.com>
> 	To: <fw-1-mailinglist@lists.us.checkpoint.com>
> 	Sent: Wednesday, April 21, 1999 10:51 AM
> 	Subject: [FW1] strange problem resolving addresses
> 
> 
> 	>
> 	> When I have address resolution turned on in the log viewer, my private
> 	> address machines (192.168.x.x) are resolved as
> 	> read-rfc-1918-for-details.iana.net.  This started yesterday with 1 or 2
> 	> machines, this morning all of the machines which get their address via DHCP
> 	> resolve to this name.  Firewall is 3.0b build 3083 on Solaris, no changes
> 	> have been made to the system since applying 3083 in January.
> 	>
> 	> Any ideas?
> 	>
> 	> Thanks,
> 	>
> 	> Ron
> 	>
> 	> ================================================================================
> 	>      To unsubscribe from this mailing list, please see the instructions at
> 	>                http://www.checkpoint.com/services/mailing.html
> 	> ================================================================================
> 
> 	From: "Larry Pesce" <lp6356@alpha.rwu.edu>
> 	To: <uncleron@geocities.com>, <fw-1-mailinglist@lists.us.checkpoint.com>
> 	References: <371DE5EE.D5D28857@geocities.com>
> 	Subject: Re: [FW1] strange problem resolving addresses
> 	Date: Wed, 21 Apr 1999 11:49:26 -0400
> 
> 	More info....sent to me by someone
> 
> 	>Larry,
> 
> 	>I think I might have a bit of information for the puzzle :)
> 	>Last year this happened to a few of our linux proxies when IANA did
> 	>something :) But we wised up and setup host/dns entries for each of the
> 	>customer proxies that were affected, and future ones :)
> 	>
> 	>It looks like this time around, IANA have added reverse dns on every
> 	>single private ip address :
> 	>
> 	>nslookup 10.0.0.5 128.9.128.127
> 	>Server:  darkstar.isi.edu
> 	>Address:  128.9.128.127
> 	>
> 	>Name:    read-rfc1918-for-details.iana.net
> 	>Address:  10.0.0.5
> 	>
> 	>[johnb@shell johnb]$ nslookup 10.0.5.5 128.9.128.127
> 	>Server:  darkstar.isi.edu
> 	>Address:  128.9.128.127
> 	>
> 	>Name:    read-rfc1918-for-details.iana.net
> 	>Address:  10.0.5.5
> 	>
> 	>[johnb@shell johnb]$ nslookup 10.25.5.5 128.9.128.127
> 	>Server:  darkstar.isi.edu
> 	>Address:  128.9.128.127
> 	>
> 	>Name:    read-rfc1918-for-details.iana.net
> 	>Address:  10.25.5.5
> 	>
> 	>[johnb@shell johnb]$ nslookup 172.16.40.4 128.9.128.127
> 	>Server:  darkstar.isi.edu
> 	>Address:  128.9.128.127
> 	>
> 	>Name:    read-rfc1918-for-details.iana.net
> 	>Address:  172.16.40.4
> 	>
> 	>But the forward doesn't resolve :)
> 	>
> 	>I'm thinking iana did this because there are more idiot admins popping up
> 	>trying to announce 10.x networks on routers and stuff like that.
> 	>
> 	>Regards
> 	>
> 	>John Buswell
> 	>Systems Administrator
> 	>OneNet Communications, Inc.
> 	>(513) 618-1000 - johnb@one.net
> 	>
> 

