[58818] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

RE: Net-24 top prefix generating bogus RFC-1918 queries

daemon@ATHENA.MIT.EDU (McBurnett, Jim)
Mon Jun 2 08:41:15 2003

Date: Mon, 2 Jun 2003 08:40:27 -0400
From: "McBurnett, Jim" <jmcburnett@msmgmt.com>
To: "Sean Donelan" <sean@donelan.com>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu


Forgive me..
I thought I understood that 1918 routes were leaking....
Jim

>-----Original Message-----
>From: Sean Donelan [mailto:sean@donelan.com]
>Sent: Monday, June 02, 2003 12:26 AM
>To: nanog@merit.edu
>Subject: RE: Net-24 top prefix generating bogus RFC-1918 queries
>
>
>
>On Sun, 1 Jun 2003, McBurnett, Jim wrote:
>> guys.. I have a thought...
>> I am a charter fiber customer..
>> AND they use lots of 1918 address for management even some=20
>customer links.
>> I have seen this on all the cable providers..
>> unlike Sprint/MCI/ATT they don't use 100% RW on all their equipment..
>>
>> then they leak because the BGP is not filtering properly..
>
>Uhm, incorrect.
>
>A DNS lookup for a RFC1918 in-addr.arpa record is unrelated to BGP or
>BGP filters.
>
>If you want to generate an RFC1918 in-addr.arpa query to the AS112
>servers do the following
>
>> nslookup
>Default Server:  localhost
>Address:  127.0.0.1
>
>> set querytype=3Dany
>> 10.in-addr.arpa
>Server:  localhost
>Address:  127.0.0.1
>
>Non-authoritative answer:
>10.in-addr.arpa
>        origin =3D prisoner.iana.org
>        mail addr =3D hostmaster.root-servers.org
>        serial =3D 2002040800
>        refresh =3D 1800 (30M)
>        retry   =3D 900 (15M)
>        expire  =3D 604800 (1W)
>        minimum ttl =3D 604800 (1W)
>
>Authoritative answers can be found from:
>10.in-addr.arpa nameserver =3D BLACKHOLE-1.iana.org
>10.in-addr.arpa nameserver =3D BLACKHOLE-2.iana.org
>BLACKHOLE-1.iana.org    internet address =3D 192.175.48.6
>BLACKHOLE-2.iana.org    internet address =3D 192.175.48.42
>>
>
>Your query will then be included in John's statistics.  You BGP filters
>will not stop it.
>
>
>

home help back first fref pref prev next nref lref last post