These people should run Split-horizon DNS;
| Host | Wrong IP address | Reason |
|---|---|---|
| abts-kk-dynamic-201.79.171.122-airtelbroadband.in | 0.0.0.0 | Unconfigured |
| abts-north-static-51.196.161.122-airtelbroadband.in | 0.0.0.0 | Unconfigured |
| bayns1.msn.net | 10.20.206.31 | RFC 1918 |
| bayns2.msn.net | 10.20.206.32 | RFC 1918 |
| ccitns02.e-dmn.com | 192.168.11.184 | RFC 1918 |
| cm-84.212.31.212.getinternet.no | ::84.212.31.212 | IPv4-Compatible IPv6 Addresses |
| dns.btcl.net.bd | fe80::1618:77ff:fe6d:264a | IPv6 Link local |
| dns1.srv.nuigalway.ie | 172.16.7.142 | RFC 1918 |
| haitns01.e-dmn.com | 192.168.11.183 | RFC 1918 |
| ibdxbns4.duhosting.ae | 10.198.18.14 | RFC 1918 |
| ns.baikal-online.ru | 0.0.0.0 | Unconfigured |
| ns.hetsptt.net.cn | 0.0.0.0 | Unconfigured |
| ns02.foxinc.com | 10.215.244.27 | RFC 1918 |
| ns1.grcc.ru | 10.8.9.50 | RFC 1918 |
| ns2.cmt.net.br | 10.1.0.54 | RFC 1918 |
| ns3.tataidc.co.in | 64:ff9b::6708:2d05 | RFC 6052 |
| ns4.tataidc.co.in | 64:ff9b::6708:2e05 | RFC 6052 |
| ns5.tataidc.co.in | 64:ff9b::6708:2c05 | RFC 6052 |
| rev1.globalrootservers.net | 0.0.0.0 | Unconfigured |
| rev2.globalrootservers.net | 0.0.0.0 | Unconfigured |
| s-dns-cvt2-01.pop.ns.selectel.org | 172.24.87.66 | RFC 1918 |
| slave.btcl.net.bd | fe80::1618:77ff:fe6d:1e60 | IPv6 Link local |
| static-10.187.143.114-tataidc.co.in | 0.0.0.0 | Unconfigured |
| static-102.52.143.114-tataidc.co.in | 0.0.0.0 | Unconfigured |
| static-106.207.143.114-tataidc.co.in | 0.0.0.0 | Unconfigured |
| static-108-62-118-101.nextroute.co | 0.0.0.0 | Unconfigured |
| static-142.156.143.114-tataidc.co.in | 0.0.0.0 | Unconfigured |
| static-178.41.93.111-tataidc.co.in | 0.0.0.0 | Unconfigured |
| static-186.158.143.114-tataidc.co.in | 0.0.0.0 | Unconfigured |
| static-46.4.93.111-tataidc.co.in | 0.0.0.0 | Unconfigured |
| static-70.24.93.111-tataidc.co.in | 0.0.0.0 | Unconfigured |
| tk2ns1.msn.net | 10.20.195.212 | RFC 1918 |
| tk2ns2.msn.net | 10.20.195.213 | RFC 1918 |
Last update: Sat 24 Oct 06:02:01 UTC 2020
You can block answers like these with Bind's 'deny-answer-addresses' feature;
deny-answer-addresses {
// Unconfigured
0.0.0.0;
// RFC 1918
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
// RFC 3927
169.254.0.0/16;
// IPv6
// :: to ::ffff:ffff:ffff.
// Includes ::, ::1, IPv4-Compatible IPv6 Addresses ::/96,
// and IPv4-mapped IPv6 addresses ::ffff:0:0/96
::/80;
// RFC 6052
64:ff9b::/96;
// Reserved for Documentation
2001:db8::/32;
// IPv6 Unique Local
fc00::/7;
// IPv6 Link local
fe80::/10;
// IPv6 Site local
fec0::/10;
// Your IPv6 address range(s)
Net/Mask
} except-from { "Your.Domain"; };
deny-answer-aliases { "Your.Domain"; };
The produces log entries like;
Aug 21 19:31:01 sput named[1601]: answer address 10.0.0.100 denied for spacefon.com/A/IN
Not blocking these addresses can be a serious security risk.