These people should run Split-horizon DNS;
| Host | Wrong IP address | Reason |
|---|---|---|
| claymore.eca.usp.br | 172.16.10.13 | RFC 1918 |
| dns01-farm8.kinghost.net | 10.5.8.2 | RFC 1918 |
| dns01.hb.chinamobile.com | 192.168.20.2 | RFC 1918 |
| dns02-farm8.kinghost.net | 10.7.8.3 | RFC 1918 |
| dns02.hb.chinamobile.com | 192.168.22.2 | RFC 1918 |
| hx-rec-ns1.data.lt | 10.48.1.253 | RFC 1918 |
| ibdxbns3.duhosting.ae | 10.198.18.10 | RFC 1918 |
| ibdxbns4.duhosting.ae | 10.198.18.14 | RFC 1918 |
| njextdns.avaya.com | 192.168.80.1 | RFC 1918 |
| ns02.foxinc.com | 10.215.244.27 | RFC 1918 |
| ns1.comeconnect.com | 64:ff9b::caa4:2051 | RFC 6052 |
| ns1.motianya.com | 192.168.1.1 | RFC 1918 |
| ns1.netplus.co.in | 64:ff9b::6729:17c2 | RFC 6052 |
| ns1.punjab.gov.pk | 10.20.24.138 | RFC 1918 |
| ns21.cdelightband.net | 10.190.0.32 | RFC 1918 |
| ns2.comeconnect.com | 64:ff9b::caa4:2052 | RFC 6052 |
| ns2.motianya.com | 192.168.1.1 | RFC 1918 |
| ns2.netplus.co.in | 64:ff9b::6729:17c3 | RFC 6052 |
| ns2.parspack.co | 10.201.2.199 | RFC 1918 |
| ns2.punjab.gov.pk | 10.50.27.138 | RFC 1918 |
| ns3.tataidc.co.in | 64:ff9b::6708:2d05 | RFC 6052 |
| ns4.tataidc.co.in | 64:ff9b::6708:2e05 | RFC 6052 |
| ns5.tataidc.co.in | 64:ff9b::6708:2c05 | RFC 6052 |
| phish.proxy.umbrella.opendns.com | ::ffff:208.69.35.157 | IPv4-mapped IPv6 addresses |
| solor.lan.mihgroup.net | 10.0.0.2 | RFC 1918 |
| szedu.com | 172.16.3.11 | RFC 1918 |
Last update: Sun 17 Feb 07:02:01 UTC 2019
You can block answers like these with Bind's 'deny-answer-addresses' feature;
deny-answer-addresses {
// Unconfigured
0.0.0.0;
// RFC 1918
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
// RFC 3927
169.254.0.0/16;
// IPv6
// :: to ::ffff:ffff:ffff.
// Includes ::, ::1, IPv4-Compatible IPv6 Addresses ::/96,
// and IPv4-mapped IPv6 addresses ::ffff:0:0/96
::/80;
// IPv6 Link local
fe80::/10;
// RFC 6052
64:ff9b::/96;
} except-from { "Your.Domain"; };
deny-answer-aliases { "Your.Domain"; };
The produces log entries like;
Aug 21 19:31:01 sput named[1601]: answer address 10.0.0.100 denied for spacefon.com/A/IN
Not blocking these addresses can be a serious security risk.