These people should run Split-horizon DNS;
Host | Wrong IP address | Reason |
---|---|---|
5696908.renufunctionalwellness.com | 10.0.2.15 | RFC 1918 |
85.191.45.43.dynamic.dhcp.aura-net.dk | :: | IPv6 Unconfigured |
89-20-169-130.static.ef-service.nl | :: | IPv6 Unconfigured |
antrax.virgos.com.br | 192.168.0.10 | RFC 1918 |
creativeapps-ct.tdameritrade.com | 0.0.0.0 | Unconfigured |
dyn018216.shef.ac.uk | 172.16.18.216 | RFC 1918 |
imap0.officemail.fi001.nl.intern.freedomnet.nl | 10.1.1.115 | RFC 1918 |
ns1.netplus.co.in | 64:ff9b::6729:17c2 | RFC 6052 |
ns2.netplus.co.in | 64:ff9b::6729:17c3 | RFC 6052 |
ns4.tataidc.co.in | 64:ff9b::6708:2e05 | RFC 6052 |
resolv-ixc-2.hoztnode.net | 172.31.112.230 | RFC 1918 |
srv1.unicollege.net | 192.168.10.1 | RFC 1918 |
Last update: Wed 8 Feb 07:02:02 UTC 2023
You can block answers like these with Bind's 'deny-answer-addresses' feature;
deny-answer-addresses { // Unconfigured 0.0.0.0; // RFC 1918 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; // RFC 3927 169.254.0.0/16; // IPv6 // :: to ::ffff:ffff:ffff. // Includes ::, ::1, IPv4-Compatible IPv6 Addresses ::/96, // and IPv4-mapped IPv6 addresses ::ffff:0:0/96 ::/80; // RFC 6052 64:ff9b::/96; // Reserved for Documentation 2001:db8::/32; // IPv6 Unique Local fc00::/7; // IPv6 Link local fe80::/10; // IPv6 Site local fec0::/10; // Your IPv6 address range(s) Net/Mask } except-from { "Your.Domain"; }; deny-answer-aliases { "Your.Domain"; };
The produces log entries like;
Aug 21 19:31:01 sput named[1601]: answer address 10.0.0.100 denied for spacefon.com/A/IN
Not blocking these addresses can be a serious security risk.