DNS Morons

These people should run Split-horizon DNS;

Host	Wrong IP address	Reason
adcluster.conexiondigitalsas.net	fdea:7552:3232::1:e81e	IPv6 Unique Local
dns2.callitechnic.com	172.16.3.242	RFC 1918
none.underplatform.com	192.168.6.177	RFC 1918
ns1.netplus.co.in	64:ff9b::6729:17c2	RFC 6052
ns1.nettally.com	fd41:a5ab:fd39:809e:7cd3:2c3a:42c2:bb55	IPv6 Unique Local
ns2.netplus.co.in	64:ff9b::6729:17c3	RFC 6052
ns2.nettally.com	fd41:a5ab:fd39:809e:3db4:ec9b:a0a3:5866	IPv6 Unique Local
sas-1d4.yndx.net	10.212.18.22	RFC 1918

Last update: Fri 27 Mar 07:02:01 UTC 2026

Block

You can block answers like these with Bind's 'deny-answer-addresses' feature;

    deny-answer-addresses {
        // Unconfigured
        0.0.0.0;
        // RFC 1918
        10.0.0.0/8;
        172.16.0.0/12;
        192.168.0.0/16;
        // RFC 3927
        169.254.0.0/16;
        // IPv6
        // :: to ::ffff:ffff:ffff.
        // Includes ::, ::1, IPv4-Compatible IPv6 Addresses ::/96,
        // and IPv4-mapped IPv6 addresses ::ffff:0:0/96
        ::/80;
        // RFC 6052
        64:ff9b::/96;
        // Reserved for Documentation
        2001:db8::/32;
        // IPv6 Unique Local
        fc00::/7;
        // IPv6 Link local
        fe80::/10;
        // IPv6 Site local
        fec0::/10;
        // Your IPv6 address range(s)
        Net/Mask
    } except-from { "Your.Domain"; };
    deny-answer-aliases { "Your.Domain"; };

The produces log entries like;

  Aug 21 19:31:01 sput named[1601]: answer address 10.0.0.100 denied for spacefon.com/A/IN

Not blocking these addresses can be a serious security risk.