Re: migration to new isp - now private addresses showing up publicly?

Kaya Saman Tue, 23 May 2023 05:00:01 -0700


On 5/23/23 12:47, Matus UHLAR - fantomas wrote:

On 23.05.23 12:22, Kaya Saman wrote:
I've got a very strange problem that has emerged somehow aftermigrating my isp.
My setup previously used 2x servers in master/slave configuration formy public "view" and then had 3x servers for the "internal" view.This was working fine for years and I have been regularly testingusing online dns healthcheck sites such as mxtoolbox etc...
Now when I try to run any type of check from mxtoolbox or other siteeg. https://dnschecker.org/ I am getting my private IP's showinginstead of the public ones?
Initially it started off by my external zone files not transferringwhich I managed to see that the information was trying to traverse myNAT (I know, not the best practice to have all dns servers on thesame network).
As a result external emails from my mail server are not working toowell with a hit and miss type thing going on right now.
Just to go over, my zone files are fine as the 'external' ones onlyhave public ip addresses in them and do not include any type ofinternal addressing whatsoever.
Here's an example of the config in named.conf for the master:
view "external" {
    match-clients { !internals; any; };
[...]
view "external" {
    match-clients { !internals; any; };
I don't see your definition of "internals".
Also, I don't see your definition of internal view.
if internal IP addresses are visible on the internet, obviously theinternet sources fall into your internal view, not into this one.


Hi, I omitted those but here they are:


acl internals {
    127.0.0.0/8;
    192.168.0.0/16;
    172.16.0.0/12;
    10.0.0.0/8;
};

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
        disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";

disable-empty-zone"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; disable-empty-zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";



// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)

zone "localhost" { type master; file"/usr/local/etc/namedb/master/localhost-forward.db"; };zone "127.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/localhost-reverse.db"; };zone "255.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// RFC 1912-style zone for IPv6 localhost address (RFC 6303)

zone "0.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/localhost-reverse.db"; };


// "This" Network (RFCs 1912, 5735 and 6303)

zone "0.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// Private Use Networks (RFCs 1918, 5735 and 6303)

zone "10.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "16.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "17.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "18.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "19.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "20.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "21.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "22.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "23.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "24.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "25.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "26.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "27.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "28.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "29.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "30.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "31.172.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "168.192.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// Shared Address Space (RFC 6598)

zone "64.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "65.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "66.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "67.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "68.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "69.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "70.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "71.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "72.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "73.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "74.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "75.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "76.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "77.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "78.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "79.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "80.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "81.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "82.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "83.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "84.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "85.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "86.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "87.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "88.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "89.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "90.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "91.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "92.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "93.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "94.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "95.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "96.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "97.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "98.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "99.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "100.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "101.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "102.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "103.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "104.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "105.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "106.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "107.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "108.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "109.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "110.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "111.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "112.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "113.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "114.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "115.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "116.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "117.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "118.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "119.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "120.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "121.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "122.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "123.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "124.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "125.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "126.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "127.100.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// Link-local/APIPA (RFCs 3927, 5735 and 6303)

zone "254.169.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// IETF protocol assignments (RFCs 5735 and 5736)

zone "0.0.192.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)

zone "2.0.192.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "100.51.198.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "113.0.203.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// IPv6 Example Range for Documentation (RFCs 3849 and 6303)

zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

zone "example" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "invalid" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "example.com" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "example.net" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "example.org" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// Router Benchmark Testing (RFCs 2544 and 5735)

zone "18.198.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "19.198.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// IANA Reserved - Old Class E Space (RFC 5735)

zone "240.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "241.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "242.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "243.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "244.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "245.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "246.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "247.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "248.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "249.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "250.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "251.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "252.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "253.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "254.in-addr.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// IPv6 Unassigned Addresses (RFC 4291)

zone "1.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "3.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "4.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "5.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "6.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "7.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "8.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "9.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "a.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "b.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "c.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "d.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "e.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "0.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "1.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "2.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "3.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "4.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "5.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "6.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "7.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "8.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "9.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "a.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "b.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "0.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "1.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "2.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "3.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "4.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "5.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "6.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "7.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// IPv6 ULA (RFCs 4193 and 6303)

zone "c.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "d.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// IPv6 Link Local (RFCs 4291 and 6303)

zone "8.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "9.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "a.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "b.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)

zone "c.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "d.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "e.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };zone "f.e.f.ip6.arpa" { type master; file"/usr/local/etc/namedb/master/empty.db"; };


// IP6.INT is Deprecated (RFC 4159)

zone "ip6.int" { type master; file"/usr/local/etc/namedb/master/empty.db"; };



    zone "domain.com" {
       type master;
       file "/var/named/var/named/domain.db";
       allow-transfer { int_dns2; int_dns3; };
       allow-query { internals; };
    };

    zone "1.168.192.in-addr.arpa" {
       type master;
       file "/var/named/var/named/192.168.1.rev";
       allow-transfer { int_dns2; int_dns3; };
       allow-query { internals; };
    };

...

;

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: migration to new isp - now private addresses showing up publicly?

Reply via email to