[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] strange problem resolving addresses
Tag,
So what happened yesterday? I thought that I had my internal DNS setup to
resolve or not resolve all my "private" IP addresses, but I still had
problems. Is anyone claiming responsiblity for this mess? I haven't seen
anything in any of the larger Internet news magazines?
Thanks,
Stewart Rae
Tag Morgan <tmorgan@softwaresystemsgroup.com> on 04/21/99 02:03:49 PM
To: "'Firewall 1 Mailinglist'"
<fw-1-mailinglist@lists.us.checkpoint.com>
cc: (bcc: STEWART RAE/GUTHRIE)
Subject: RE: [FW1] strange problem resolving addresses
The gentlman responsible for the root servers for IANA is not answering his
phone currently, and his voice mail box is full. (hrmmm.... wonder why...
maybe ten thousand network admins calling to ask WTF????) I have an email
address for him and will send an inquiry. Should be interesting to see
what
he says about it.
/*-----------------------------------*/
/* I live with FEAR every day. */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/
K.T. Morgan
Network Engineer
CCSA/CCSE
Software Systems Group, Inc.
(703) 913-0813x39
> -----Original Message-----
> From: Paquette, Trevor [mailto:TrevorPaquette@metronet.ca]
> Sent: Wednesday, April 21, 1999 1:30 PM
> To: fw-1-mailinglist@lists.us.checkpoint.com; 'iana@iana.org'
> Subject: RE: [FW1] strange problem resolving addresses
>
>
>
> looks like iana.org is now providing the reverse mapping for
> all RFC-1918
> space..
>
> sigh.. which they would let us all know beforehand!
>
> IANA: Please tell us why you have decided to provide this
> reverse mapping.
>
> gate# whois -h whois.arin.net 10.0.0.0
> IANA (RESERVED-6)
> Internet Assigned Numbers Authority
> Information Sciences Institute
> University of Southern California
> 4676 Admiralty Way, Suite 1001
> Marina del Rey, CA 90292-6695
>
> Netname: RESERVED-10
> Netblock: 10.0.0.0 - 10.255.255.255
>
> Coordinator:
> Internet Assigned Numbers Authority (IANA-ARIN) iana@iana.org
> (310) 822-1511
>
> Domain System inverse mapping provided by:
>
> BLACKHOLE.ISI.EDU 128.9.64.26
> NS2.INTERNIC.NET 198.41.0.11
>
> Record last updated on 26-Sep-98.
> Database last updated on 20-Apr-99 16:13:58 EDT.
>
> The ARIN Registration Services Host contains ONLY Internet
> Network Information: Networks, ASN's, and related POC's.
> Please use the whois server at rs.internic.net for DOMAIN related
> Information and nic.mil for NIPRNET Information.
>
> gate# nslookup
> Default Server: localhost
> Address: 127.0.0.1
>
> > lserver BLACKHOLE.ISI.EDU
> Default Server: BLACKHOLE.ISI.EDU
> Address: 128.9.64.26
>
> > 10.1.1.1
> Server: BLACKHOLE.ISI.EDU
> Address: 128.9.64.26
>
> Name: read-rfc1918-for-details.iana.net
> Address: 10.1.1.1
>
> > 192.168.1.1
> Server: BLACKHOLE.ISI.EDU
> Address: 128.9.64.26
>
> Name: read-rfc1918-for-details.iana.net
> Address: 192.168.1.1
>
> > 172.16.1.1
> Server: BLACKHOLE.ISI.EDU
> Address: 128.9.64.26
>
> Name: read-rfc1918-for-details.iana.net
> Address: 172.16.1.1
>
> >
>
> > -----Original Message-----
> > From: Alex Johnston [SMTP:AlexJohnston@tcbk.com]
> > Sent: Wednesday, April 21, 1999 11:07 AM
> > To: 'Larry Pesce'; uncleron@geocities.com;
> > fw-1-mailinglist@lists.us.checkpoint.com
> > Subject: RE: [FW1] strange problem resolving addresses
> >
> >
> > NT here, last night all my RFC 1918 addressed devices began
> reporting
> > there
> > address in the logs as read-rfc1918-for-details.iana.net as well.
> >
> > This does prove a problem as any log files exported will now have
> > read-rfc1918-for-details.iana.net as the resolved address....any log
> > cruncher's defined queries are now worthless as all RFC1918
> devices now
> > have
> > one address... read-rfc1918-for-details.iana.net !! (GRRR)
> >
> > How many other people have seen this? I thought it was my
> server unable
> > to
> > handle load of name resolution...
> > But we now have two others, on different platforms, with
> the same symptoms
> > on the same day...
> >
> > Anybody else want to volunteer info??
> >
> > Alex
> >
> > -----Original Message-----
> > From: Larry Pesce [SMTP:lp6356@alpha.rwu.edu]
> > Sent: Wednesday, April 21, 1999 8:43 AM
> > To: uncleron@geocities.com;
> > fw-1-mailinglist@lists.us.checkpoint.com
> > Subject: Re: [FW1] strange problem resolving addresses
> >
> >
> > I noticed a similar type of occurence today too...
> >
> > We use HP OpenView to manage our network, and it automaticaly
> > discovers
> > nodes using ARP tables from routers. A few months ago
> we attached
> > our
> > network via ATM over Sonnet to another hospital, but HP
> OV did not
> > discover
> > anything across our ATM router to the other
> hospital....untill last
> > night.
> > And all of the other devices that were discovered at the other
> > hopital came
> > through with the same definition:
> read-rfc1918-for-details.iana.net
> >
> > The other hospital uses a network 172.25.X.X and you are using
> > 192.168.X.X which are NOT in the range of address reserved for
> > private
> > internal networks, although close. The reserved
> networks are listed
> > in
> > RFC1918.
> >
> > I'm thinking the IANA did something to notify all of those users
> > that are
> > using IP classes that are not specifcaly reserved for private
> > internal use,
> > but are using addresses that are close???
> >
> > Any one have any ideas?
> >
> > -Larry
> >
> > ----- Original Message -----
> > From: <uncleron@geocities.com>
> > To: <fw-1-mailinglist@lists.us.checkpoint.com>
> > Sent: Wednesday, April 21, 1999 10:51 AM
> > Subject: [FW1] strange problem resolving addresses
> >
> >
> > >
> > > When I have address resolution turned on in the log viewer, my
> > private
> > > address machines (192.168.x.x) are resolved as
> read-rfc-1918-for
> > > -details.iana.net. This started yesterday with 1 or
> 2 machines,
> > this
> > > morning all of the machines which get their address via DHCP
> > resolve to
> > > this name. Firewall is 3.0b build 3083 on Solaris, no changes
> > have been
> > > made to the system since applying 3083 in January.
> > >
> > > Any ideas?
> > >
> > > Thanks,
> > >
> > > Ron
> > >
> > >
> > >
> > >
> >
> >
> ==============================================================
> ============
> > ==
> > ====
> > > To unsubscribe from this mailing list, please see the
> > instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > >
> >
> >
> ==============================================================
> ============
> > ==
> > ====
> > >
> >
> > From bouncbot@us.checkpoint.com Wed Apr 21 08:57:39 1999
> > Return-Path: <bouncbot>
> > Received: by us.checkpoint.com
> (8.9.3/8.9.3/CPoak/1.3.7) id IAA15259
> > for jwright@us.checkpoint.com; Wed, 21 Apr 1999 08:57:38
> > -0700 (PDT)
> > Received: from hale-bopp.ts.checkpoint.com
> > (hale-bopp.ts.checkpoint.com [204.156.136.27])
> > by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.7)
> with ESMTP id
> > IAA15249
> > for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
> > 08:57:37 -0700 (PDT)
> > From: owner-fw-1-mailinglist@us.checkpoint.com
> > Received: from softwhisper.us.checkpoint.com
> > (softwhisper.us.checkpoint.com [206.184.151.213])
> > by hale-bopp.ts.checkpoint.com
> (8.9.3/8.9.3/CPmx/1.1) with
> > ESMTP id KAA10983
> > for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
> > 10:57:35 -0500 (CDT)
> > Received: (from majordom@localhost)
> > by softwhisper.us.checkpoint.com
> > (8.9.3/8.9.3/CPsoftwhisper/1.2.1) id IAA06970;
> > Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
> > Date: Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
> > Message-Id:
> <199904211557.IAA06970@softwhisper.us.checkpoint.com>
> > To: owner-fw-1-mailinglist@lists.us.checkpoint.com
> > Subject: BOUNCE fw-1-mailinglist@lists.us.checkpoint.com:
> > Non-member submission from ["Larry Pesce" <lp6356@alpha.rwu.edu>]
> > X-Loop: bouncbot
> > Status: RO
> > Content-Length: 3573
> > Lines: 109
> >
> > >From bouncbot Wed Apr 21 08:57:31 1999
> > Received: from hale-bopp.ts.checkpoint.com
> > (hale-bopp.ts.checkpoint.com [204.156.136.27])
> > by softwhisper.us.checkpoint.com
> > (8.9.3/8.9.3/CPsoftwhisper/1.2.1) with ESMTP id IAA06965
> > for <fw-1-mailinglist@lists.us.checkpoint.com>;
> Wed, 21 Apr
> > 1999 08:57:31 -0700 (PDT)
> > Received: from alpha.rwu.edu (alpha.rwu.edu [12.15.139.2])
> > by hale-bopp.ts.checkpoint.com
> (8.9.3/8.9.3/CPmx/1.1) with
> > SMTP id KAA10901
> > for <fw-1-mailinglist@lists.us.checkpoint.com>;
> Wed, 21 Apr
> > 1999 10:55:58 -0500 (CDT)
> > Received: from host205.wihri.org by alpha.rwu.edu
> > (5.65v4.0/1.1.19.2/28Dec98-0430PM)
> > id AA03387; Wed, 21 Apr 1999 11:49:45 -0400
> > Message-Id: <003501be8c0e$a7bf5e80$82118b9f@wihri.org>
> > From: "Larry Pesce" <lp6356@alpha.rwu.edu>
> > To: <uncleron@geocities.com>,
> > <fw-1-mailinglist@lists.us.checkpoint.com>
> > References: <371DE5EE.D5D28857@geocities.com>
> > Subject: Re: [FW1] strange problem resolving addresses
> > Date: Wed, 21 Apr 1999 11:49:26 -0400
> > Mime-Version: 1.0
> > Content-Type: text/plain;
> > charset="iso-8859-1"
> > Content-Transfer-Encoding: 7bit
> > X-Priority: 3
> > X-Msmail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 5.00.2314.1300
> > X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300
> >
> > More info....sent to me by someone
> >
> > >Larry,
> >
> > >I think I might have a bit of information for the puzzle :)
> > >Last year this happened to a few of our linux proxies
> when IANA did
> > >something :) But we wised up and setup host/dns
> entries for each of
> > the
> > >customer proxies that were effected, and future ones :)
> > >
> > >It looks like this time around, IANA have added reverse dns on
> > every
> > >single private ip address :
> > >
> > >nslookup 10.0.0.5 128.9.128.127
> > >Server: darkstar.isi.edu
> > >Address: 128.9.128.127
> > >
> > >Name: read-rfc1918-for-details.iana.net
> > >Address: 10.0.0.5
> > >
> > >[johnb@shell johnb]$ nslookup 10.0.5.5 128.9.128.127
> > >Server: darkstar.isi.edu
> > >Address: 128.9.128.127
> > >
> > >Name: read-rfc1918-for-details.iana.net
> > >Address: 10.0.5.5
> > >
> > >[johnb@shell johnb]$ nslookup 10.25.5.5 128.9.128.127
> > >Server: darkstar.isi.edu
> > >Address: 128.9.128.127
> > >
> > >Name: read-rfc1918-for-details.iana.net
> > >Address: 10.25.5.5
> > >
> > >[johnb@shell johnb]$ nslookup 172.16.40.4 128.9.128.127
> > >Server: darkstar.isi.edu
> > >Address: 128.9.128.127
> > >
> > >Name: read-rfc1918-for-details.iana.net
> > >Address: 172.16.40.4
> > >
> > >But the forward doesn't resolve :)
> > >
> > >I'm thinking iana did this because there are more idiot admins
> > popping up
> > >trying to announce 10.x networks on routers and stuff
> like that.
> > >
> > >Regards
> > >
> > >John Buswell
> > >Systems Administrator
> > >OneNet Communications, Inc.
> > >(513) 618-1000 - johnb@one.net
> > >
> >
> > ----- Original Message -----
> > From: <uncleron@geocities.com>
> > To: <fw-1-mailinglist@lists.us.checkpoint.com>
> > Sent: Wednesday, April 21, 1999 10:51 AM
> > Subject: [FW1] strange problem resolving addresses
> >
> >
> > >
> > > When I have address resolution turned on in the log viewer, my
> > private
> > > address machines (192.168.x.x) are resolved as
> read-rfc-1918-for
> > > -details.iana.net. This started yesterday with 1 or
> 2 machines,
> > this
> > > morning all of the machines which get their address via DHCP
> > resolve to
> > > this name. Firewall is 3.0b build 3083 on Solaris, no changes
> > have been
> > > made to the system since applying 3083 in January.
> > >
> > > Any ideas?
> > >
> > > Thanks,
> > >
> > > Ron
> > >
> > >
> > >
> > >
> >
> >
> ==============================================================
> ============
> > ==
> > ====
> > > To unsubscribe from this mailing list, please see the
> > instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > >
> >
> >
> ==============================================================
> ============
> > ==
> > ====
> > >
> >
> >
> >
> >
> >
> ==============================================================
> ============
> > ==
> > ====
> > To unsubscribe from this mailing list, please see the
> > instructions at
> > http://www.checkpoint.com/services/mailing.html
> >
> >
> ==============================================================
> ============
> > ==
> > ====
> >
> >
> >
> ==============================================================
> ============
> > ======
> > To unsubscribe from this mailing list, please see the
> instructions at
> > http://www.checkpoint.com/services/mailing.html
> >
> ==============================================================
> ============
> > ======
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
===========================================================================
=====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
===========================================================================
=====
[ Part 2, Application/OCTET-STREAM (Name: "att1.eml") 21KB. ]
[ Unable to print this part. ]