
30 June 2015

Bogons in your DNS setup

Nothing is forever, you know

This morning, on IRC, my friend betabug reported that he had some problems while trying to resolve a domain name whose DNS servers are under my control.

Each time he queried any of those servers, he got a timeout.

We went through a debugging process, but we weren't lucky. We found nothing that could have been causing such behaviour.

Until I asked the magic question, which opened the door to where the problem lay:

10:00 < Wu> betabug: which is your ip address there?
10:01 < betabug> Wu: 127.0.0.1
10:02 < Wu> public ip address ;D
10:02 < betabug> hahahaha
10:02 < betabug> 2.84.XX.XXX
10:02 < betabug> nice ip

Somehow that IP address in the 2.0.0.0 block looked a bit suspicious. I checked the named.conf file on one of the DNS servers and...

acl "bogon" {
      0.0.0.0/8;
      1.0.0.0/8;
      2.0.0.0/8;
      10.0.0.0/8;
      192.0.2.0/24;
      172.16.0.0/12;
      224.0.0.0/3;
};

And a bit further down the config file:

blackhole { bogon; };

This means that the DNS server will not answer queries from any IP address in those ranges: BIND silently drops them, which is why the client only sees a timeout.

And now, probably, you are asking yourself why this guy blocks those ranges. Well, to understand why, first you have to know what a bogon is. One good explanation can be found here: http://packetlife.net/blog/2009/jan/21/whats-bogon

A bogon route is a type of route which shouldn't exist on the
global Internet. More specifically, "bogon" (derived from the
word "bogus") refers to an advertisement for a prefix within a
reserved or otherwise unallocated IP network.

Team Cymru also has a couple of interesting pages about bogons:

So, it seems that in the last days of the IPv4 era, registrars are opening/releasing blocks that have been reserved since the beginning. This means that my DNS servers have been blocking queries from licit IP addresses on those ranges for some time.

Removing them was easy, problem solved.

Reminder: even though all of this will change when the last of the IPv4 blocks is sold out, take care; as stated in The bogon reference:

It is important to realize that the bogon and fullbogon lists are NOT static lists.
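
A way to audit a hard-coded ACL like the one above, as an added example that is not part of the original post: it parses the acl block out of named.conf text and flags prefixes that no longer sit inside an IPv4 special-purpose range. The function names, the abridged RFC 6890 range list and the test address 2.0.0.1 are assumptions made for this illustration, and ACL entries are assumed to be plain CIDR prefixes.

```python
import ipaddress
import re

# IPv4 special-purpose ranges (RFC 6890 / IANA special-purpose registry, abridged).
# collapse_addresses merges 224.0.0.0/4 and 240.0.0.0/4 into 224.0.0.0/3.
SPECIAL_PURPOSE = list(ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)))

# Sample input: the ACL and blackhole statement shown in the post.
NAMED_CONF = '''
acl "bogon" {
      0.0.0.0/8;
      1.0.0.0/8;
      2.0.0.0/8;
      10.0.0.0/8;
      192.0.2.0/24;
      172.16.0.0/12;
      224.0.0.0/3;
};
blackhole { bogon; };
'''

def parse_acl(conf, name):
    """Return the CIDR prefixes listed in `acl <name> { ... };` of named.conf text."""
    conf = re.sub(r"(//|#).*", "", conf)  # drop line comments
    m = re.search(r'acl\s+"?%s"?\s*\{([^}]*)\}' % re.escape(name), conf)
    if not m:
        raise ValueError("acl %r not found" % name)
    return [ipaddress.ip_network(e.strip()) for e in m.group(1).split(";") if e.strip()]

def stale_entries(prefixes):
    """Prefixes not fully inside a special-purpose range: review before blackholing."""
    return [p for p in prefixes if not any(p.subnet_of(s) for s in SPECIAL_PURPOSE)]

def blackholed_by(addr, prefixes):
    """ACL entries that would make the server drop queries from addr."""
    ip = ipaddress.ip_address(addr)
    return [p for p in prefixes if ip in p]

if __name__ == "__main__":
    acl = parse_acl(NAMED_CONF, "bogon")
    for p in stale_entries(acl):
        print("stale bogon entry:", p)
    print("2.0.0.1 (constructed client address) matched by:", blackholed_by("2.0.0.1", acl))
```

Run against the ACL from this post, it reports 1.0.0.0/8 and 2.0.0.0/8 as the entries to review.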

Posted by wu at 12:20