[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] strange problem resolving addresses
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
This should now be fixed. I just queried the root server directly and they
are no longer
providing the reverse to the RFC-1918 space.
gate.mcc.net# ns
Default Server: localhost
Address: 127.0.0.1
> lserver 128.9.64.26
Default Server: blackhole.isi.edu
Address: 128.9.64.26
> 10.1.1.1
Server: blackhole.isi.edu
Address: 128.9.64.26
*** blackhole.isi.edu can't find 10.1.1.1: Non-existent host/domain
> 192.168.1.1
Server: blackhole.isi.edu
Address: 128.9.64.26
*** blackhole.isi.edu can't find 192.168.1.1: Non-existent host/domain
> -----Original Message-----
> From: srae@ghs.guthrie.org [SMTP:srae@ghs.guthrie.org]
> Sent: Thursday, April 22, 1999 11:46 AM
> To: Tag Morgan
> Cc: 'Firewall 1 Mailinglist'
> Subject: RE: [FW1] strange problem resolving addresses
>
> Tag,
>
> So what happened yesterday? I thought that I had my internal DNS setup to
> resolve or not resolve all my "private" IP addresses, but I still had
> problems. Is anyone claiming responsiblity for this mess? I haven't seen
> anything in any of the larger Internet news magazines?
>
> Thanks,
>
> Stewart Rae
>
>
>
>
> Tag Morgan <tmorgan@softwaresystemsgroup.com> on 04/21/99 02:03:49 PM
>
>
>
> To: "'Firewall 1 Mailinglist'"
> <fw-1-mailinglist@lists.us.checkpoint.com>
>
> cc: (bcc: STEWART RAE/GUTHRIE)
>
>
>
> Subject: RE: [FW1] strange problem resolving addresses
>
>
>
>
>
>
>
>
> The gentlman responsible for the root servers for IANA is not answering
> his
> phone currently, and his voice mail box is full. (hrmmm.... wonder why...
> maybe ten thousand network admins calling to ask WTF????) I have an email
> address for him and will send an inquiry. Should be interesting to see
> what
> he says about it.
>
>
>
> /*-----------------------------------*/
> /* I live with FEAR every day. */
> /* But, sometimes, she lets me RACE. */
> /*-----------------------------------*/
>
> K.T. Morgan
> Network Engineer
> CCSA/CCSE
> Software Systems Group, Inc.
> (703) 913-0813x39
>
>
>
> > -----Original Message-----
> > From: Paquette, Trevor [mailto:TrevorPaquette@metronet.ca]
> > Sent: Wednesday, April 21, 1999 1:30 PM
> > To: fw-1-mailinglist@lists.us.checkpoint.com; 'iana@iana.org'
> > Subject: RE: [FW1] strange problem resolving addresses
> >
> >
> >
> > looks like iana.org is now providing the reverse mapping for
> > all RFC-1918
> > space..
> >
> > sigh.. which they would let us all know beforehand!
> >
> > IANA: Please tell us why you have decided to provide this
> > reverse mapping.
> >
> > gate# whois -h whois.arin.net 10.0.0.0
> > IANA (RESERVED-6)
> > Internet Assigned Numbers Authority
> > Information Sciences Institute
> > University of Southern California
> > 4676 Admiralty Way, Suite 1001
> > Marina del Rey, CA 90292-6695
> >
> > Netname: RESERVED-10
> > Netblock: 10.0.0.0 - 10.255.255.255
> >
> > Coordinator:
> > Internet Assigned Numbers Authority (IANA-ARIN) iana@iana.org
> > (310) 822-1511
> >
> > Domain System inverse mapping provided by:
> >
> > BLACKHOLE.ISI.EDU 128.9.64.26
> > NS2.INTERNIC.NET 198.41.0.11
> >
> > Record last updated on 26-Sep-98.
> > Database last updated on 20-Apr-99 16:13:58 EDT.
> >
> > The ARIN Registration Services Host contains ONLY Internet
> > Network Information: Networks, ASN's, and related POC's.
> > Please use the whois server at rs.internic.net for DOMAIN related
> > Information and nic.mil for NIPRNET Information.
> >
> > gate# nslookup
> > Default Server: localhost
> > Address: 127.0.0.1
> >
> > > lserver BLACKHOLE.ISI.EDU
> > Default Server: BLACKHOLE.ISI.EDU
> > Address: 128.9.64.26
> >
> > > 10.1.1.1
> > Server: BLACKHOLE.ISI.EDU
> > Address: 128.9.64.26
> >
> > Name: read-rfc1918-for-details.iana.net
> > Address: 10.1.1.1
> >
> > > 192.168.1.1
> > Server: BLACKHOLE.ISI.EDU
> > Address: 128.9.64.26
> >
> > Name: read-rfc1918-for-details.iana.net
> > Address: 192.168.1.1
> >
> > > 172.16.1.1
> > Server: BLACKHOLE.ISI.EDU
> > Address: 128.9.64.26
> >
> > Name: read-rfc1918-for-details.iana.net
> > Address: 172.16.1.1
> >
> > >
> >
> > > -----Original Message-----
> > > From: Alex Johnston [SMTP:AlexJohnston@tcbk.com]
> > > Sent: Wednesday, April 21, 1999 11:07 AM
> > > To: 'Larry Pesce'; uncleron@geocities.com;
> > > fw-1-mailinglist@lists.us.checkpoint.com
> > > Subject: RE: [FW1] strange problem resolving addresses
> > >
> > >
> > > NT here, last night all my RFC 1918 addressed devices began
> > reporting
> > > there
> > > address in the logs as read-rfc1918-for-details.iana.net as well.
> > >
> > > This does prove a problem as any log files exported will now have
> > > read-rfc1918-for-details.iana.net as the resolved address....any log
> > > cruncher's defined queries are now worthless as all RFC1918
> > devices now
> > > have
> > > one address... read-rfc1918-for-details.iana.net !! (GRRR)
> > >
> > > How many other people have seen this? I thought it was my
> > server unable
> > > to
> > > handle load of name resolution...
> > > But we now have two others, on different platforms, with
> > the same symptoms
> > > on the same day...
> > >
> > > Anybody else want to volunteer info??
> > >
> > > Alex
> > >
> > > -----Original Message-----
> > > From: Larry Pesce [SMTP:lp6356@alpha.rwu.edu]
> > > Sent: Wednesday, April 21, 1999 8:43 AM
> > > To: uncleron@geocities.com;
> > > fw-1-mailinglist@lists.us.checkpoint.com
> > > Subject: Re: [FW1] strange problem resolving addresses
> > >
> > >
> > > I noticed a similar type of occurence today too...
> > >
> > > We use HP OpenView to manage our network, and it automaticaly
> > > discovers
> > > nodes using ARP tables from routers. A few months ago
> > we attached
> > > our
> > > network via ATM over Sonnet to another hospital, but HP
> > OV did not
> > > discover
> > > anything across our ATM router to the other
> > hospital....untill last
> > > night.
> > > And all of the other devices that were discovered at the other
> > > hopital came
> > > through with the same definition:
> > read-rfc1918-for-details.iana.net
> > >
> > > The other hospital uses a network 172.25.X.X and you are using
> > > 192.168.X.X which are NOT in the range of address reserved for
> > > private
> > > internal networks, although close. The reserved
> > networks are listed
> > > in
> > > RFC1918.
> > >
> > > I'm thinking the IANA did something to notify all of those users
> > > that are
> > > using IP classes that are not specifcaly reserved for private
> > > internal use,
> > > but are using addresses that are close???
> > >
> > > Any one have any ideas?
> > >
> > > -Larry
> > >
> > > ----- Original Message -----
> > > From: <uncleron@geocities.com>
> > > To: <fw-1-mailinglist@lists.us.checkpoint.com>
> > > Sent: Wednesday, April 21, 1999 10:51 AM
> > > Subject: [FW1] strange problem resolving addresses
> > >
> > >
> > > >
> > > > When I have address resolution turned on in the log viewer, my
> > > private
> > > > address machines (192.168.x.x) are resolved as
> > read-rfc-1918-for
> > > > -details.iana.net. This started yesterday with 1 or
> > 2 machines,
> > > this
> > > > morning all of the machines which get their address via DHCP
> > > resolve to
> > > > this name. Firewall is 3.0b build 3083 on Solaris, no changes
> > > have been
> > > > made to the system since applying 3083 in January.
> > > >
> > > > Any ideas?
> > > >
> > > > Thanks,
> > > >
> > > > Ron
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > ==============================================================
> > ============
> > > ==
> > > ====
> > > > To unsubscribe from this mailing list, please see the
> > > instructions at
> > > > http://www.checkpoint.com/services/mailing.html
> > > >
> > >
> > >
> > ==============================================================
> > ============
> > > ==
> > > ====
> > > >
> > >
> > > From bouncbot@us.checkpoint.com Wed Apr 21 08:57:39 1999
> > > Return-Path: <bouncbot>
> > > Received: by us.checkpoint.com
> > (8.9.3/8.9.3/CPoak/1.3.7) id IAA15259
> > > for jwright@us.checkpoint.com; Wed, 21 Apr 1999 08:57:38
> > > -0700 (PDT)
> > > Received: from hale-bopp.ts.checkpoint.com
> > > (hale-bopp.ts.checkpoint.com [204.156.136.27])
> > > by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.7)
> > with ESMTP id
> > > IAA15249
> > > for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
> > > 08:57:37 -0700 (PDT)
> > > From: owner-fw-1-mailinglist@us.checkpoint.com
> > > Received: from softwhisper.us.checkpoint.com
> > > (softwhisper.us.checkpoint.com [206.184.151.213])
> > > by hale-bopp.ts.checkpoint.com
> > (8.9.3/8.9.3/CPmx/1.1) with
> > > ESMTP id KAA10983
> > > for <bouncbot@oak.us.checkpoint.com>; Wed, 21 Apr 1999
> > > 10:57:35 -0500 (CDT)
> > > Received: (from majordom@localhost)
> > > by softwhisper.us.checkpoint.com
> > > (8.9.3/8.9.3/CPsoftwhisper/1.2.1) id IAA06970;
> > > Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
> > > Date: Wed, 21 Apr 1999 08:57:34 -0700 (PDT)
> > > Message-Id:
> > <199904211557.IAA06970@softwhisper.us.checkpoint.com>
> > > To: owner-fw-1-mailinglist@lists.us.checkpoint.com
> > > Subject: BOUNCE fw-1-mailinglist@lists.us.checkpoint.com:
> > > Non-member submission from ["Larry Pesce" <lp6356@alpha.rwu.edu>]
> > > X-Loop: bouncbot
> > > Status: RO
> > > Content-Length: 3573
> > > Lines: 109
> > >
> > > >From bouncbot Wed Apr 21 08:57:31 1999
> > > Received: from hale-bopp.ts.checkpoint.com
> > > (hale-bopp.ts.checkpoint.com [204.156.136.27])
> > > by softwhisper.us.checkpoint.com
> > > (8.9.3/8.9.3/CPsoftwhisper/1.2.1) with ESMTP id IAA06965
> > > for <fw-1-mailinglist@lists.us.checkpoint.com>;
> > Wed, 21 Apr
> > > 1999 08:57:31 -0700 (PDT)
> > > Received: from alpha.rwu.edu (alpha.rwu.edu [12.15.139.2])
> > > by hale-bopp.ts.checkpoint.com
> > (8.9.3/8.9.3/CPmx/1.1) with
> > > SMTP id KAA10901
> > > for <fw-1-mailinglist@lists.us.checkpoint.com>;
> > Wed, 21 Apr
> > > 1999 10:55:58 -0500 (CDT)
> > > Received: from host205.wihri.org by alpha.rwu.edu
> > > (5.65v4.0/1.1.19.2/28Dec98-0430PM)
> > > id AA03387; Wed, 21 Apr 1999 11:49:45 -0400
> > > Message-Id: <003501be8c0e$a7bf5e80$82118b9f@wihri.org>
> > > From: "Larry Pesce" <lp6356@alpha.rwu.edu>
> > > To: <uncleron@geocities.com>,
> > > <fw-1-mailinglist@lists.us.checkpoint.com>
> > > References: <371DE5EE.D5D28857@geocities.com>
> > > Subject: Re: [FW1] strange problem resolving addresses
> > > Date: Wed, 21 Apr 1999 11:49:26 -0400
> > > Mime-Version: 1.0
> > > Content-Type: text/plain;
> > > charset="iso-8859-1"
> > > Content-Transfer-Encoding: 7bit
> > > X-Priority: 3
> > > X-Msmail-Priority: Normal
> > > X-Mailer: Microsoft Outlook Express 5.00.2314.1300
> > > X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300
> > >
> > > More info....sent to me by someone
> > >
> > > >Larry,
> > >
> > > >I think I might have a bit of information for the puzzle :)
> > > >Last year this happened to a few of our linux proxies
> > when IANA did
> > > >something :) But we wised up and setup host/dns
> > entries for each of
> > > the
> > > >customer proxies that were effected, and future ones :)
> > > >
> > > >It looks like this time around, IANA have added reverse dns on
> > > every
> > > >single private ip address :
> > > >
> > > >nslookup 10.0.0.5 128.9.128.127
> > > >Server: darkstar.isi.edu
> > > >Address: 128.9.128.127
> > > >
> > > >Name: read-rfc1918-for-details.iana.net
> > > >Address: 10.0.0.5
> > > >
> > > >[johnb@shell johnb]$ nslookup 10.0.5.5 128.9.128.127
> > > >Server: darkstar.isi.edu
> > > >Address: 128.9.128.127
> > > >
> > > >Name: read-rfc1918-for-details.iana.net
> > > >Address: 10.0.5.5
> > > >
> > > >[johnb@shell johnb]$ nslookup 10.25.5.5 128.9.128.127
> > > >Server: darkstar.isi.edu
> > > >Address: 128.9.128.127
> > > >
> > > >Name: read-rfc1918-for-details.iana.net
> > > >Address: 10.25.5.5
> > > >
> > > >[johnb@shell johnb]$ nslookup 172.16.40.4 128.9.128.127
> > > >Server: darkstar.isi.edu
> > > >Address: 128.9.128.127
> > > >
> > > >Name: read-rfc1918-for-details.iana.net
> > > >Address: 172.16.40.4
> > > >
> > > >But the forward doesn't resolve :)
> > > >
> > > >I'm thinking iana did this because there are more idiot admins
> > > popping up
> > > >trying to announce 10.x networks on routers and stuff
> > like that.
> > > >
> > > >Regards
> > > >
> > > >John Buswell
> > > >Systems Administrator
> > > >OneNet Communications, Inc.
> > > >(513) 618-1000 - johnb@one.net
> > > >
> > >
> > > ----- Original Message -----
> > > From: <uncleron@geocities.com>
> > > To: <fw-1-mailinglist@lists.us.checkpoint.com>
> > > Sent: Wednesday, April 21, 1999 10:51 AM
> > > Subject: [FW1] strange problem resolving addresses
> > >
> > >
> > > >
> > > > When I have address resolution turned on in the log viewer, my
> > > private
> > > > address machines (192.168.x.x) are resolved as
> > read-rfc-1918-for
> > > > -details.iana.net. This started yesterday with 1 or
> > 2 machines,
> > > this
> > > > morning all of the machines which get their address via DHCP
> > > resolve to
> > > > this name. Firewall is 3.0b build 3083 on Solaris, no changes
> > > have been
> > > > made to the system since applying 3083 in January.
> > > >
> > > > Any ideas?
> > > >
> > > > Thanks,
> > > >
> > > > Ron
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > ==============================================================
> > ============
> > > ==
> > > ====
> > > > To unsubscribe from this mailing list, please see the
> > > instructions at
> > > > http://www.checkpoint.com/services/mailing.html
> > > >
> > >
> > >
> > ==============================================================
> > ============
> > > ==
> > > ====
> > > >
> > >
> > >
> > >
> > >
> > >
> > ==============================================================
> > ============
> > > ==
> > > ====
> > > To unsubscribe from this mailing list, please see the
> > > instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > >
> > >
> > ==============================================================
> > ============
> > > ==
> > > ====
> > >
> > >
> > >
> > ==============================================================
> > ============
> > > ======
> > > To unsubscribe from this mailing list, please see the
> > instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > >
> > ==============================================================
> > ============
> > > ======
> >
> >
> > ==============================================================
> > ==================
> > To unsubscribe from this mailing list, please see the
> > instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==================
> >
>
>
> ==========================================================================
> =
> =====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> =
> ===== << File: att1.eml >>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================