Public DNS resolving private address space !?! - Page 1 - Computers, Gadgets & Stuff

PistonHeads » Gassing Station » The Pie & Piston » Computers, Gadgets & Stuff

Public DNS resolving private address space !?!

My Profile My Preferences My Mates

Search My Stuff

What's New 3 12 24 72

OP Posts Only

Author

Discussion

T4R

Original Poster

461 posts

267 months

[report]

[news]

Wednesday 4th February 2004

This morning I received an email advert for Cisco (see attached) from a magazine publishing company, VNU.

I do not wish to receive such emails from them and so I clicked the linked at the bottom of the page which points to http://imgdev.vnunet.com/v6_static/unsubscribe/index.html however the server is down, according to my browser. So a little further investigation.

I tried pinging the host imgdev.vnunet.com, which resolved to host dev.vnunet.com, and very bizarrely 10.11.128.155.

This address is private (RFC 1918)

address space, yet is being advertised by public DNS servers. This IP address should not be advertised and cannot be routed on the public internet, and therefore with this address no-one will be able to unsubscribe anyway.

Can anyone shed any light on this.. am I missing something here ?

Thanks and regards

Confused of Cobham

>>> Edited by T4R on Wednesday 4th February 17:06

john_p

7,073 posts

268 months

[report]

[news]

Wednesday 4th February 2004

T4R said:
I tried pinging the host imgdev.vnunet.com, which resolved to host dev.vnunet.com, and very bizarrely 10.11.128.155.

DNS can be set up to publish anything, you are right in saying that 10.x.x.x will not be routed over the Internet, but that doesn't stop anyone putting it on their DNS server. Your system will still try and send a packet to 10.x.x.x but if it's not on your local network your Internet gateway should say "I'm not routing that" and ignore/reject it.

I would guess vnunet use 10.x.x.x in their 'internal' network and dev.vnunet.com is something their staff use internally, and somehow it's got onto an email.

T4R said:

and therefore with this address no-one will be able to unsubscribe anyway.

Of course, that may be the reason

T4R

Original Poster

461 posts

267 months

[report]

[news]

Wednesday 4th February 2004

John, you're correct, but presumably their ISP registered the name/address on their own DNS. A big no-no anyway.

I normally route RFC1918 address to Null0 on our boundary routers anyway. (We've got something like 440 public class C networks and three class B address networks available and registered to us, so we're not using RFC1918). I removed this route, and as expected it just gets ditched in the same manner by our ISP.

I also suspect you're right about not being able to unsubscribe. Naughty.

Thanks

>> Edited by T4R on Wednesday 4th February 12:19

jam1et

1,536 posts

270 months

[report]

[news]

Wednesday 4th February 2004

I'd be surprised if VNU would make unsubscribing so difficult on purpose. I've found them to be a reputable company. Actually, having said that, regarding spam, nothing really surprises me any more.

john_p

7,073 posts

268 months

[report]

[news]

Wednesday 4th February 2004

Yeah I thought most routers ditched RFC1918 traffic anyway, or they should for security.

Sounds like an incompetent admin to me .. or perhaps an incompetent person writing the email.

I don't think there's any rules that actually prevent you from serving RFC1918 IP addresses on a public DNS service? They should really set it up with multiple views of the DNS so that the public don't see private addresses but I suppose as long as they don't need to see it, it's not going to break anything ..

JamieBeeston

9,294 posts

283 months

[report]

[news]

Thursday 5th February 2004

Some Slackly Secured DNS server said:

vnunet.com 21600 IN A 62.140.213.144
vnunet.com 21600 IN NS dns.vnunet.net
area51.vnunet.com 21600 IN A 62.140.213.250
bashir.vnunet.com 21600 IN A 212.161.108.132
cardangold.vnunet.com 21600 IN A 194.72.43.150
cms-be.vnunet.com 21600 IN A 212.0.109.132
cms-be-prod.vnunet.com 21600 IN A 212.0.109.132
cms-de.vnunet.com 21600 IN A 212.0.109.132
cms-de-prod.vnunet.com 21600 IN A 212.0.109.132
cms-es.vnunet.com 21600 IN A 212.0.109.132
cms-es-prod.vnunet.com 21600 IN A 212.0.109.132
cms-it.vnunet.com 21600 IN A 212.0.109.132
cms-it-prod.vnunet.com 21600 IN A 212.0.109.132
cms-uk.vnunet.com 21600 IN A 212.0.109.132
cms-uk-prod.vnunet.com 21600 IN A 212.0.109.132
comet.vnunet.com 21600 IN A 194.72.64.150
crn.vnunet.com 21600 IN A 62.140.213.144
dev.vnunet.com 21600 IN A 10.11.128.155
devdb1.vnunet.com 21600 IN A 10.11.128.156
devdb2.vnunet.com 21600 IN A 10.11.128.157
gandalf.vnunet.com 21600 IN A 194.72.43.154
gentoo.vnunet.com 21600 IN A 10.11.155.40
l3dns1.vnunet.com 21600 IN A 62.140.213.135
l3dns2.vnunet.com 21600 IN A 62.140.213.136
laforge.vnunet.com 21600 IN A 10.11.20.20
localhost.vnunet.com 21600 IN A 127.0.0.1
mail.vnunet.com 21600 IN NS bb1dns1.ddc.dartmail.net
mail.vnunet.com 21600 IN NS bb1dns1.edc.dartmail.net
mail.vnunet.com 21600 IN NS bb1dns2.edc.dartmail.net
mediaportal.vnunet.com 21600 IN A 62.140.213.201
obrien.vnunet.com 21600 IN A 212.161.108.133
picard.vnunet.com 21600 IN A 212.161.108.129
quark.vnunet.com 21600 IN A 10.11.20.10
rolaren.vnunet.com 21600 IN A 212.161.108.135
sisko.vnunet.com 21600 IN A 212.161.108.134
support-es.vnunet.com 21600 IN A 212.0.109.132
upload.vnunet.com 21600 IN A 62.140.213.191
vnunetnotes.vnunet.com 21600 IN A 10.11.129.15
web1.vnunet.com 21600 IN A 62.140.213.141
web2.vnunet.com 21600 IN A 62.140.213.144
willofgod.vnunet.com 21600 IN A 194.72.43.158
wizard.vnunet.com 21600 IN A 194.72.43.152

Seems they have a few Public, Private addresses.

OP Posts Only

Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff

Posting Rules