[58814] in North American Network Operators' Group
RE: Net-24 top prefix generating bogus RFC-1918 queries
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Jun 2 00:26:50 2003
Date: Mon, 2 Jun 2003 00:26:16 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <390E55B947E7C848898AEBB9E5077060014EAAB6@msmdcfs01.msmgmt.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 1 Jun 2003, McBurnett, Jim wrote:
> guys.. I have a thought...
> I am a charter fiber customer..
> AND they use lots of 1918 address for management even some customer links.
> I have seen this on all the cable providers..
> unlike Sprint/MCI/ATT they don't use 100% RW on all their equipment..
>
> then they leak because the BGP is not filtering properly..
Uhm, incorrect.
A DNS lookup for a RFC1918 in-addr.arpa record is unrelated to BGP or
BGP filters.
If you want to generate an RFC1918 in-addr.arpa query to the AS112
servers do the following
> nslookup
Default Server: localhost
Address: 127.0.0.1
> set querytype=any
> 10.in-addr.arpa
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
10.in-addr.arpa
origin = prisoner.iana.org
mail addr = hostmaster.root-servers.org
serial = 2002040800
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 604800 (1W)
Authoritative answers can be found from:
10.in-addr.arpa nameserver = BLACKHOLE-1.iana.org
10.in-addr.arpa nameserver = BLACKHOLE-2.iana.org
BLACKHOLE-1.iana.org internet address = 192.175.48.6
BLACKHOLE-2.iana.org internet address = 192.175.48.42
>
Your query will then be included in John's statistics. You BGP filters
will not stop it.
