RE: Net-24 top prefix generating bogus RFC-1918 queries

["McBurnett, Jim" <jmcburnett () msmgmt com>]

Forgive me..
I thought I understood that 1918 routes were leaking....
Jim

> -----Original Message-----
> From: Sean Donelan [mailto:sean () donelan com]
> Sent: Monday, June 02, 2003 12:26 AM
> To: nanog () merit edu
> Subject: RE: Net-24 top prefix generating bogus RFC-1918 queries
>
>
>
> On Sun, 1 Jun 2003, McBurnett, Jim wrote:
> > guys.. I have a thought...
> > I am a charter fiber customer..
> > AND they use lots of 1918 address for management even some 
> customer links.
> > I have seen this on all the cable providers..
> > unlike Sprint/MCI/ATT they don't use 100% RW on all their equipment..
> >
> > then they leak because the BGP is not filtering properly..
>
> Uhm, incorrect.
>
> A DNS lookup for a RFC1918 in-addr.arpa record is unrelated to BGP or
> BGP filters.
>
> If you want to generate an RFC1918 in-addr.arpa query to the AS112
> servers do the following
>
> > nslookup
> Default Server:  localhost
> Address:  127.0.0.1
>
> > set querytype=any
> > 10.in-addr.arpa
> Server:  localhost
> Address:  127.0.0.1
>
> Non-authoritative answer:
> 10.in-addr.arpa
>        origin = prisoner.iana.org
>        mail addr = hostmaster.root-servers.org
>        serial = 2002040800
>        refresh = 1800 (30M)
>        retry   = 900 (15M)
>        expire  = 604800 (1W)
>        minimum ttl = 604800 (1W)
>
> Authoritative answers can be found from:
> 10.in-addr.arpa nameserver = BLACKHOLE-1.iana.org
> 10.in-addr.arpa nameserver = BLACKHOLE-2.iana.org
> BLACKHOLE-1.iana.org    internet address = 192.175.48.6
> BLACKHOLE-2.iana.org    internet address = 192.175.48.42
> >
>
> Your query will then be included in John's statistics.  You BGP filters
> will not stop it.