however, you may have received an email from us - let’s explain why.
why am I getting emails from you?
we’re contacting you with this email because we see traffic leaking from one of your networks to the anycasted AS112 prefixes, which handle reverse-name mapping for IP address space from the RFC1918 range.
in plain English, this means that some machines in your network, or your DNS server acting as a local resolver, are not properly configured and are leaking queries to the internet. those queries can’t really be answered in any meaningful way. so, for example, you may be using the 192.168/16 network in your local network. your hosts may start to ask questions over DNS like this one:
“What is name of the host at 192.168.0.5?”
as you can imagine, answering such a question from any other location on the internet doesn’t make any sense, as a lot of Customers are running their networks using RFC1918 address space (that’s what it’s for!). they also typically run NAT for IP traffic, however DNS by default doesn’t do “NAT” operations as it wouldn’t make any sense.
you may therefore be leaking your private queries, which may or may not be a waste of resources (yours and those of other internet-connected devices) and is potentially also a security gap.
depending on your DNS server/resolver, there are different ways to stop this leaking.
you don’t need to do that of course, but it would be nice, in the spirit of Postel’s Robustness Principle, to care about Internet hygiene.
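to see which hosts are leaking before changing resolver settings, here is a small check you can run over a query log. it is an added example, not code from the AS112 project or from us; the five-field log format, the resolver address and the sample lines are constructed for illustration.

```python
from collections import Counter

# Reverse zones covering RFC1918 space: 10/8, 172.16/12 and 192.168/16.
RFC1918_REVERSE_ZONES = (
    ["10.in-addr.arpa", "168.192.in-addr.arpa"]
    + [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
)

def is_rfc1918_reverse(qname):
    """True if qname is at or below one of the RFC1918 reverse zones."""
    name = qname.rstrip(".").lower()
    # Match on a label boundary so 110.in-addr.arpa is not taken for 10.in-addr.arpa.
    return any(name == z or name.endswith("." + z) for z in RFC1918_REVERSE_ZONES)

def leaking_clients(log_lines, internal_resolvers):
    """Count RFC1918 reverse queries per client that were sent to a server
    outside internal_resolvers, i.e. queries that left the local network."""
    leaks = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        _ts, client, server, qname, _qtype = fields
        if server not in internal_resolvers and is_rfc1918_reverse(qname):
            leaks[client] += 1
    return leaks

# Constructed sample: "timestamp client server qname qtype".
# 203.0.113.53 is a documentation address standing in for an external server.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 192.168.0.20 192.168.0.1 5.0.168.192.in-addr.arpa. PTR",
    "2024-01-01T10:00:01Z 192.168.0.1 203.0.113.53 5.0.168.192.in-addr.arpa. PTR",
    "2024-01-01T10:00:02Z 192.168.0.31 203.0.113.53 7.1.20.172.in-addr.arpa. PTR",
    "2024-01-01T10:00:03Z 192.168.0.31 203.0.113.53 9.9.32.172.in-addr.arpa. PTR",
    "2024-01-01T10:00:04Z 192.168.0.31 203.0.113.53 1.0.0.10.IN-ADDR.ARPA. PTR",
    "2024-01-01T10:00:05Z 192.168.0.31 203.0.113.53 www.example.com. A",
    "2024-01-01T10:00:06Z 192.168.0.31 203.0.113.53 4.3.2.110.in-addr.arpa. PTR",
]

if __name__ == "__main__":
    for client, count in leaking_clients(SAMPLE_LOG, {"192.168.0.1"}).items():
        print(f"{client} leaked {count} RFC1918 reverse queries")
```

in the sample, the local resolver itself (192.168.0.1) shows up as a leaking client because it forwarded a private reverse query upstream instead of answering it locally.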
where can I find more information and fix my deployment?
if you’re operating your DNS server, or managing a network, please take a look below for references for the most popular DNS servers:
- for BIND
- for Unbound by default you should be safe. There are some tweaks that can be done using private-domain if you’re using Unbound to resolve your own local names. Some examples can be found here & here
- for Microsoft Server
- you can find more context on AS112 project here.
- you can find more information about DNS reverse queries here.