
RE: [FW1] strange problem resolving addresses





The problem stems farther than just reporting.  If you have any UNIX servers
running mail (Sendmail and QPopper, for example) they won't allow you to
connect to their services unless they can lookup your address.  An
administrator once told me of a situation where the "Blackhole" servers went
down and no one using NAT could get to their UNIX mail servers.  Worse off,
no one knew that the servers were down, so they all spent time trying to
find something wrong on the box.

The moral of the story is this: if you're going to use Network Address
Translation, have any DNS server you resolve to be a primary domain for
those "Blackhole" addresses.  Don't use the real "Blackhole" servers!  I
know this is not possible for some smaller organizations, but think about
the cost of setting a DNS service on one box.  Believe me, it's not fun
explaining to your manager why you can't get to the internal mail server
when the T1 to the Internet is down, and not easy either!

I'm open for questions about this,
Daniel Katz
Jr. Network Specialist, CCSE
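
The advice above (serve the RFC 1918 reverse zones yourself) worked through as an added example that is not part of the original message: it derives the in-addr.arpa zones a local server has to be primary for, renders BIND-style "type master" stanzas, and checks which PTR queries stay on site. The zone file name db.rfc1918 is a hypothetical placeholder; that file would still need its own SOA and NS records.

```python
import ipaddress

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def reverse_zones(cidr):
    """in-addr.arpa zones that cover cidr; reverse zones split on octet boundaries."""
    net = ipaddress.ip_network(cidr)
    octet_prefix = -(-net.prefixlen // 8) * 8   # round up: a /12 becomes sixteen /16 zones
    zones = []
    for sub in net.subnets(new_prefix=octet_prefix):
        octets = str(sub.network_address).split(".")[: octet_prefix // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

ALL_ZONES = [z for cidr in RFC1918 for z in reverse_zones(cidr)]

def local_zone_for(ip, zones=ALL_ZONES):
    """Zone that answers the PTR query for ip locally, or None if the query goes upstream."""
    qname = ipaddress.ip_address(ip).reverse_pointer   # e.g. 1.1.1.10.in-addr.arpa
    for zone in zones:
        if qname.endswith("." + zone):
            return zone
    return None

def named_conf(zones=ALL_ZONES, zone_file="db.rfc1918"):
    """Render one 'type master' stanza per zone (zone_file is a hypothetical name)."""
    return "\n".join(
        'zone "%s" { type master; file "%s"; };' % (zone, zone_file) for zone in zones
    )

if __name__ == "__main__":
    print(named_conf())
    # Addresses taken from the nslookup sessions quoted in this thread.
    for ip in ("10.1.1.1", "172.16.1.1", "192.168.1.1", "128.9.64.26"):
        print(ip, "->", local_zone_for(ip) or "not covered, query leaves the site")
```

With all eighteen zones loaded, reverse lookups for internal hosts keep working when the Internet link or the upstream servers are unavailable.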

-----Original Message-----
From: Paquette, Trevor [mailto:TrevorPaquette@metronet.ca]
Sent: Thursday, April 22, 1999 3:28 PM
To: 'Firewall 1 Mailinglist'
Subject: RE: [FW1] strange problem resolving addresses



This should now be fixed. I just queried the root server directly and they
are no longer providing the reverse to the RFC-1918 space.

gate.mcc.net# ns
Default Server:  localhost
Address:  127.0.0.1

> lserver 128.9.64.26
Default Server:  blackhole.isi.edu
Address:  128.9.64.26

> 10.1.1.1
Server:  blackhole.isi.edu
Address:  128.9.64.26

*** blackhole.isi.edu can't find 10.1.1.1: Non-existent host/domain
> 192.168.1.1
Server:  blackhole.isi.edu
Address:  128.9.64.26

*** blackhole.isi.edu can't find 192.168.1.1: Non-existent host/domain

> -----Original Message-----
> From:	srae@ghs.guthrie.org [SMTP:srae@ghs.guthrie.org]
> Sent:	Thursday, April 22, 1999 11:46 AM
> To:	Tag Morgan
> Cc:	'Firewall 1 Mailinglist'
> Subject:	RE: [FW1] strange problem resolving addresses
> 
> Tag,
> 
> So what happened yesterday?  I thought that I had my internal DNS setup to
> resolve or not resolve all my "private" IP addresses, but I still had
> problems.  Is anyone claiming responsibility for this mess?  I haven't seen
> anything in any of the larger Internet news magazines?
> 
> Thanks,
> 
> Stewart Rae
> 
> 
> 
> 
> Tag Morgan <tmorgan@softwaresystemsgroup.com> on 04/21/99 02:03:49 PM
>
>  To:      "'Firewall 1 Mailinglist'" <fw-1-mailinglist@lists.us.checkpoint.com>
>  cc:      (bcc: STEWART RAE/GUTHRIE)
>  Subject: RE: [FW1] strange problem resolving addresses
>
> The gentleman responsible for the root servers for IANA is not answering his
> phone currently, and his voice mail box is full. (hrmmm.... wonder why...
> maybe ten thousand network admins calling to ask WTF????)  I have an email
> address for him and will send an inquiry.  Should be interesting to see what
> he says about it.
> 
> 
> 
> /*-----------------------------------*/
> /* I live with FEAR every day.       */
> /* But, sometimes, she lets me RACE. */
> /*-----------------------------------*/
> 
> K.T. Morgan
> Network Engineer
> CCSA/CCSE
> Software Systems Group, Inc.
> (703) 913-0813x39
> 
> 
> 
> > -----Original Message-----
> > From: Paquette, Trevor [mailto:TrevorPaquette@metronet.ca]
> > Sent: Wednesday, April 21, 1999 1:30 PM
> > To: fw-1-mailinglist@lists.us.checkpoint.com; 'iana@iana.org'
> > Subject: RE: [FW1] strange problem resolving addresses
> >
> >
> >
> > looks like iana.org is now providing the reverse mapping for all RFC-1918
> > space..
> >
> > sigh.. wish they would let us all know beforehand!
> >
> > IANA: Please tell us why you have decided to provide this reverse mapping.
> >
> > gate# whois -h whois.arin.net 10.0.0.0
> > IANA (RESERVED-6)
> >    Internet Assigned Numbers Authority
> >    Information Sciences Institute
> >    University of Southern California
> >    4676 Admiralty Way, Suite 1001
> >    Marina del Rey, CA 90292-6695
> >
> >    Netname: RESERVED-10
> >    Netblock: 10.0.0.0 - 10.255.255.255
> >
> >    Coordinator:
> >       Internet Assigned Numbers Authority  (IANA-ARIN)  iana@iana.org
> >       (310) 822-1511
> >
> >    Domain System inverse mapping provided by:
> >
> >    BLACKHOLE.ISI.EDU            128.9.64.26
> >    NS2.INTERNIC.NET             198.41.0.11
> >
> >    Record last updated on 26-Sep-98.
> >    Database last updated on 20-Apr-99 16:13:58 EDT.
> >
> > The ARIN Registration Services Host contains ONLY Internet
> > Network Information: Networks, ASN's, and related POC's.
> > Please use the whois server at rs.internic.net for DOMAIN related
> > Information and nic.mil for NIPRNET Information.
> >
> > gate# nslookup
> > Default Server:  localhost
> > Address:  127.0.0.1
> >
> > > lserver    BLACKHOLE.ISI.EDU
> > Default Server:  BLACKHOLE.ISI.EDU
> > Address:  128.9.64.26
> >
> > > 10.1.1.1
> > Server:  BLACKHOLE.ISI.EDU
> > Address:  128.9.64.26
> >
> > Name:    read-rfc1918-for-details.iana.net
> > Address:  10.1.1.1
> >
> > > 192.168.1.1
> > Server:  BLACKHOLE.ISI.EDU
> > Address:  128.9.64.26
> >
> > Name:    read-rfc1918-for-details.iana.net
> > Address:  192.168.1.1
> >
> > > 172.16.1.1
> > Server:  BLACKHOLE.ISI.EDU
> > Address:  128.9.64.26
> >
> > Name:    read-rfc1918-for-details.iana.net
> > Address:  172.16.1.1
> >
> > >
> >
> > > -----Original Message-----
> > > From: Alex Johnston [SMTP:AlexJohnston@tcbk.com]
> > > Sent: Wednesday, April 21, 1999 11:07 AM
> > > To:   'Larry Pesce'; uncleron@geocities.com; fw-1-mailinglist@lists.us.checkpoint.com
> > > Subject:   RE: [FW1] strange problem resolving addresses
> > >
> > >
> > > NT here, last night all my RFC 1918 addressed devices began reporting
> > > their address in the logs as read-rfc1918-for-details.iana.net as well.
> > >
> > > This does prove a problem as any log files exported will now have
> > > read-rfc1918-for-details.iana.net as the resolved address....any log
> > > cruncher's defined queries are now worthless as all RFC1918 devices now
> > > have one address... read-rfc1918-for-details.iana.net !! (GRRR)
> > >
> > > How many other people have seen this?  I thought it was my server unable
> > > to handle load of name resolution...
> > > But we now have two others, on different platforms, with the same symptoms
> > > on the same day...
> > >
> > > Anybody else want to volunteer info??
> > >
> > > Alex
> > >
> > >  -----Original Message-----
> > >  From:     Larry Pesce [SMTP:lp6356@alpha.rwu.edu]
> > >  Sent:     Wednesday, April 21, 1999 8:43 AM
> > >  To:  uncleron@geocities.com; fw-1-mailinglist@lists.us.checkpoint.com
> > >  Subject:  Re: [FW1] strange problem resolving addresses
> > >
> > >
> > >  I noticed a similar type of occurrence today too...
> > >
> > >  We use HP OpenView to manage our network, and it automatically discovers
> > >  nodes using ARP tables from routers.  A few months ago we attached our
> > >  network via ATM over SONET to another hospital, but HP OV did not discover
> > >  anything across our ATM router to the other hospital....until last night.
> > >  And all of the other devices that were discovered at the other hospital came
> > >  through with the same definition: read-rfc1918-for-details.iana.net
> > >
> > >  The other hospital uses a network 172.25.X.X and you are using
> > >  192.168.X.X which are NOT in the range of address reserved for private
> > >  internal networks, although close.  The reserved networks are listed in
> > >  RFC1918.
> > >
> > >  I'm thinking the IANA did something to notify all of those users that are
> > >  using IP classes that are not specifically reserved for private internal use,
> > >  but are using addresses that are close???
> > >
> > >  Any one have any ideas?
> > >
> > >  -Larry
> > >
> > >  ----- Original Message -----
> > >  From: <uncleron@geocities.com>
> > >  To: <fw-1-mailinglist@lists.us.checkpoint.com>
> > >  Sent: Wednesday, April 21, 1999 10:51 AM
> > >  Subject: [FW1] strange problem resolving addresses
> > >
> > >
> > >  >
> > >  > When I have address resolution turned on in the log viewer, my private
> > >  > address machines (192.168.x.x) are resolved as
> > >  > read-rfc-1918-for-details.iana.net.  This started yesterday with 1 or 2
> > >  > machines, this morning all of the machines which get their address via
> > >  > DHCP resolve to this name.  Firewall is 3.0b build 3083 on Solaris, no
> > >  > changes have been made to the system since applying 3083 in January.
> > >  >
> > >  > Any ideas?
> > >  >
> > >  > Thanks,
> > >  >
> > >  > Ron
> > >  >
> > >  >
> > >  >
> > >  >
> > >  > ==========================================================================
> > >  >      To unsubscribe from this mailing list, please see the instructions at
> > >  >                http://www.checkpoint.com/services/mailing.html
> > >  > ==========================================================================
> > >
> > >  From: "Larry Pesce" <lp6356@alpha.rwu.edu>
> > >  To: <uncleron@geocities.com>, <fw-1-mailinglist@lists.us.checkpoint.com>
> > >  References: <371DE5EE.D5D28857@geocities.com>
> > >  Subject: Re: [FW1] strange problem resolving addresses
> > >  Date: Wed, 21 Apr 1999 11:49:26 -0400
> > >
> > >  More info....sent to me by someone
> > >
> > >  >Larry,
> > >
> > >  >I think I might have a bit of information for the puzzle :)
> > >  >Last year this happened to a few of our linux proxies when IANA did
> > >  >something :) But we wised up and setup host/dns entries for each of the
> > >  >customer proxies that were affected, and future ones :)
> > >  >
> > >  >It looks like this time around, IANA have added reverse dns on every
> > >  >single private ip address :
> > >  >
> > >  >nslookup 10.0.0.5 128.9.128.127
> > >  >Server:  darkstar.isi.edu
> > >  >Address:  128.9.128.127
> > >  >
> > >  >Name:    read-rfc1918-for-details.iana.net
> > >  >Address:  10.0.0.5
> > >  >
> > >  >[johnb@shell johnb]$ nslookup 10.0.5.5 128.9.128.127
> > >  >Server:  darkstar.isi.edu
> > >  >Address:  128.9.128.127
> > >  >
> > >  >Name:    read-rfc1918-for-details.iana.net
> > >  >Address:  10.0.5.5
> > >  >
> > >  >[johnb@shell johnb]$ nslookup 10.25.5.5 128.9.128.127
> > >  >Server:  darkstar.isi.edu
> > >  >Address:  128.9.128.127
> > >  >
> > >  >Name:    read-rfc1918-for-details.iana.net
> > >  >Address:  10.25.5.5
> > >  >
> > >  >[johnb@shell johnb]$ nslookup 172.16.40.4 128.9.128.127
> > >  >Server:  darkstar.isi.edu
> > >  >Address:  128.9.128.127
> > >  >
> > >  >Name:    read-rfc1918-for-details.iana.net
> > >  >Address:  172.16.40.4
> > >  >
> > >  >But the forward doesn't resolve :)
> > >  >
> > >  >I'm thinking iana did this because there are more idiot admins popping up
> > >  >trying to announce 10.x networks on routers and stuff like that.
> > >  >
> > >  >Regards
> > >  >
> > >  >John Buswell
> > >  >Systems Administrator
> > >  >OneNet Communications, Inc.
> > >  >(513) 618-1000 - johnb@one.net
> > >  >
> > >