Knowledge Base ISC Main Website Ask a Question/Contact ISC
What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
Author: ISC Support Reference Number: AA-00204 Views: 19507 Created: 2011-03-18 14:08 Last Updated: 2014-11-01 09:56 0 Rating/ Voters

If the IN-ADDR.ARPA name covered refers to a internal address space you are using then you have failed to follow RFC 1918 usage rules and are leaking queries to the Internet.

You should establish your own zones for these addresses to prevent you querying the Internet's name servers for these addresses. Please see http://public.as112.net/ for details of the problems you are causing and the counter measures that have had to be deployed.If you are not using these private addresses then a client has queried for them. You can just ignore the messages, get the offending client to stop sending you these messages as they are most probably leaking them, or setup your own empty zones to serve answers to these queries.

zone "10.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

zone "16.172.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

...

zone "31.172.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

zone "168.192.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

empty:

@ 10800 IN SOA
. . (
      1 3600 1200 604800 10800 )
@ 10800 IN NS
.


BIND 9.10.0, 9.9.0, 9.8.1, 9.7.4, 9.6-ESV-R5 (and all minor and major versions released since these) include automatic empty zones for RFC 1918 prefixes

See Automatic empty zones (including RFC 1918 empty zones) for more details on how these are enabled and how to configure exceptions (this article requires KB registration to login and view).


© 2001-2016 Internet Systems Consortium

Please help us to improve the content of our knowledge base by letting us know below how we can improve this article.

If you have a technical question or problem on which you'd like help, please don't submit it here as article feedback.

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu