DNS Morons

These people should run Split-horizon DNS;

EidotheaC.byui.edu

Responds with RFC1918 addresses.


sput:~$ host EidotheaC.byui.edu.

EidotheaC.byui.edu has address 10.10.192.211
EidotheaC.byui.edu has address 198.60.73.211

ntwk.msn.net

Responds with RFC1918 addresses.


tk2ns1.msn.net has address 10.20.195.212

tk2ns2.msn.net has address 10.20.195.213

bayns1.msn.net has address 10.20.206.31

bayns2.msn.net has address 10.20.206.32

After all these decades, Microsoft still doesn't understand the internet.

eo.pl

Responds with RFC1918 addresses.


sput:~$ dig waw.eo.pl @ns1.eo.pl

; <<>> DiG 9.7.3 <<>> waw.eo.pl @ns1.eo.pl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41186
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;waw.eo.pl.                     IN      A

;; AUTHORITY SECTION:
waw.eo.pl.              3600    IN      NS      core-gw2.tbg.eo.pl.
waw.eo.pl.              3600    IN      NS      core-gw1.waw.eo.pl.

;; ADDITIONAL SECTION:
core-gw1.waw.eo.pl.     3600    IN      A       192.168.30.1
core-gw2.tbg.eo.pl.     3600    IN      A       192.168.5.1

;; Query time: 70 msec
;; SERVER: 217.17.46.135#53(217.17.46.135)
;; WHEN: Mon Jul  4 10:47:04 2011
;; MSG SIZE  rcvd: 109

sput:~$ 

ac-nantes.fr

Responds with RFC1918 addresses.


sput:~$ dig in.ac-nantes.fr @ns1.ac-nantes.fr.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> in.ac-nantes.fr @ns1.ac-nantes.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23718
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;in.ac-nantes.fr.               IN      A

;; AUTHORITY SECTION:
in.ac-nantes.fr.        86400   IN      NS      nsi1.in.ac-nantes.fr.
in.ac-nantes.fr.        86400   IN      NS      nsi2.in.ac-nantes.fr.

;; ADDITIONAL SECTION:
nsi1.in.ac-nantes.fr.   86400   IN      A       172.30.128.110
nsi2.in.ac-nantes.fr.   86400   IN      A       172.30.128.111

;; Query time: 48 msec
;; SERVER: 195.83.167.1#53(195.83.167.1)
;; WHEN: Mon Jun 16 12:05:30 2014
;; MSG SIZE  rcvd: 103

ptcl.net

Responds with RFC1918 addresses.


host ptcl.net
ptcl.net has address 192.168.2.81

sibiu.rdsnet.ro

Responds with RFC1918 addresses.


host lancelot.sibiu.rdsnet.ro
lancelot.sibiu.rdsnet.ro has address 192.168.1.1

wanners.net

Responds with RFC1918 addresses.


host lt.wanners.net

lt.wanners.net has address 192.168.1.10
lt.wanners.net has IPv6 address 2001:470:8:a0c:226:2dff:fe55:f377

Block

You can block answers like these with Bind (9.7) 'deny-answer-addresses' feature;


	deny-answer-addresses { 
		10.0.0.0/8;
		172.16.0.0/12;
		192.168.0.0/16;
	} except-from { "Your.Domain"; };
	deny-answer-aliases { "Your.Domain"; };

The produces log entries like;


Aug 21 19:31:01 sput named[1601]: answer address 10.0.0.100 denied for spacefon.com/A/IN