DNS blocked for private addresses?
02-08-2015 8:22 PM
If you want to try and reproduce, try
ping pony.justsayplease.co.uk
It works fine if I change my DNS servers to Google's in my PC network settings, but I can't seem to do that for my phone on WiFi - the DHCP server always sets its own IP as the primary DNS, then Google's as the secondary.
Tech support didn't know anything about it being blocked, nor could help work around it.
So
- Can anyone from Plusnet confirm that 192.168 addresses are blocked from resolving
- How can I make my router (Technicolor TG582n FTTC on the latest firmware, 10.2.5.2) send 8.8.8.8 as the primary DNS? There are a few instructions floating around, but my router seems slightly different - there's no "dns server route list" command for a start...
Re: DNS blocked for private addresses?
02-08-2015 8:40 PM
dig pony.justsayplease.co.uk
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> pony.justsayplease.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11110
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;pony.justsayplease.co.uk. IN A
;; ANSWER SECTION:
pony.justsayplease.co.uk. 300 IN A 192.168.10.66
;; AUTHORITY SECTION:
justsayplease.co.uk. 85918 IN NS dns1.stabletransit.com.
justsayplease.co.uk. 85918 IN NS dns2.stabletransit.com.
;; ADDITIONAL SECTION:
dns1.stabletransit.com. 52826 IN A 69.20.95.4
dns2.stabletransit.com. 54487 IN A 65.61.188.4
;; Query time: 23 msec
;; SERVER: 192.168.0.12#53(192.168.0.12)
;; WHEN: Sun Aug 2 20:37:25 2015
;; MSG SIZE rcvd: 145
dig @8.8.8.8 pony.justsayplease.co.uk
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 pony.justsayplease.co.uk
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52568
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;pony.justsayplease.co.uk. IN A
;; ANSWER SECTION:
pony.justsayplease.co.uk. 299 IN A 192.168.10.66
;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8 )
;; WHEN: Sun Aug 2 20:36:47 2015
;; MSG SIZE rcvd: 58
dig @212.159.6.9 pony.justsayplease.co.uk
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @212.159.6.9 pony.justsayplease.co.uk
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 980
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;pony.justsayplease.co.uk. IN A
;; AUTHORITY SECTION:
justsayplease.co.uk. 86161 IN NS dns1.stabletransit.com.
justsayplease.co.uk. 86161 IN NS dns2.stabletransit.com.
;; Query time: 21 msec
;; SERVER: 212.159.6.9#53(212.159.6.9)
;; WHEN: Sun Aug 2 20:36:28 2015
;; MSG SIZE rcvd: 97
Re: DNS blocked for private addresses?
02-08-2015 8:45 PM
You will see that even though "ping pony.justsayplease.co.uk" might resolve, you almost certainly won't get any response. (and won't for "ping 192.168.10.66" either).
Re: DNS blocked for private addresses?
02-08-2015 8:50 PM
192.16.x.x is a local subnet and should not be routable to anywhere on the internet. When you tried the ping it probably succeeded with the lookup but failed to route the ping to the looked up address.
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: DNS blocked for private addresses?
02-08-2015 8:56 PM
For changing the DNS settings: method 2 from http://npr.me.uk/changedns.html or the newer commands for the version 10 technicolor firmware: http://npr.me.uk/telnet.html#dnsr10
Re: DNS blocked for private addresses?
02-08-2015 9:02 PM
- Yes this is a little strange, but domain names don't have to resolve to public IPs
- 192.168.10.66 is a machine on my internal network - I can access it fine either by IP or using Google DNS
- I got a fellow Plusnet user to try from his home, and he had the same problem as me, so it's not my computers / network settings
@11110_110 interesting you were able to get a response - can you tell me which DNS server that was from?
Re: DNS blocked for private addresses?
02-08-2015 9:15 PM
Re: DNS blocked for private addresses?
02-08-2015 9:19 PM
Quote from: ejs Unless 192.168.10.66 is in RoBorg's own LAN of course.
For changing the DNS settings: method 2 from http://npr.me.uk/changedns.html or the newer commands for the version 10 technicolor firmware: http://npr.me.uk/telnet.html#dnsr10
Thanks
Those newer commands were what I needed for my router, but it's still insisting on setting the DHCP IP as the primary DNS
Re: DNS blocked for private addresses?
02-08-2015 9:23 PM
Quote from: Andrue Sounds like 'working as designed' to me. DNS servers are supposed to authoritatively return addresses for names. A public DNS server cannot know what is located at any address in the private ranges so it shouldn't return such an address.
Absolutely not - the DNS system is supposed to take a name and turn it into an IP address. As long as it's a valid IP, it doesn't know or care what's on that IP, or if that IP is routable to the current device.
Adding your internal IPs into DNS is a very common thing to do.
Re: DNS blocked for private addresses?
02-08-2015 9:35 PM
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: DNS blocked for private addresses?
02-08-2015 9:37 PM
Quote from: jelv I've some internal names/IP addresses that I've added to my PC, not by messing with DNS but by adding them to my hosts file (C:\Windows\System32\drivers\etc\hosts)
Yeah that's what I did originally, but I can't do it on my phone 😕
Re: DNS blocked for private addresses?
02-08-2015 10:07 PM
Quote from: RoBorg @11110_110 interesting you were able to get a response - can you tell me which DNS server that was from?
Yes as follows...
212.118.241.1
212.118.241.33
Re: DNS blocked for private addresses?
02-08-2015 10:12 PM
I think you're confused or are trying to muddy the waters.
Quote from: RoBorg Absolutely not - the DNS system is supposed to take a name and turn it into an IP address. As long as it's a valid IP, it doesn't know or care what's on that IP, or if that IP is routable to the current device.
Adding your internal IPs into DNS is a very common thing to do.
A DNS server can always be authoritative within its own network so adding private IP addresses to a private DNS server is of course common practice on anything except the smallest of LANs. However if you re-read the thread we are discussing DNS servers on the public network giving out addresses on private networks. A public DNS server cannot, by definition, give authoritative information about private address spaces. As you yourself have just stated 'As long as it's a valid IP..' and a public DNS server has no idea whether a private address is valid or not.
http://serverfault.com/questions/4458/private-ip-address-in-public-dns
Sounds like it's a dodgy thing to do but doesn't cover whether or not a public DNS server should support it.
Re: DNS blocked for private addresses?
02-08-2015 10:17 PM
It may be at that address on your LAN, but not for anyone else in the world. An internal nameserver on your LAN (or a hosts file) could validly give that result, but not a public nameserver.
You must somehow have figured a way to get that name/address pair accepted by many nameservers (including 8.8.8.8, 4.2.2.5, 212.118.241.1), all of which ought to have rejected it. It looks as if Plusnet's nameserver is one of the few that quite correctly has.
(Maybe you didn't figure it out, but you must have somehow caused it to happen.)
Re: DNS blocked for private addresses?
02-08-2015 10:37 PM
Quote ; <<>> DiG 9.8.6-P1 <<>> pony.justsayplease.co.uk @dns1.stabletransit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27936
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;pony.justsayplease.co.uk. IN A
;; ANSWER SECTION:
pony.justsayplease.co.uk. 300 IN A 192.168.10.66
;; AUTHORITY SECTION:
justsayplease.co.uk. 86400 IN NS dns2.stabletransit.com.
justsayplease.co.uk. 86400 IN NS dns1.stabletransit.com.
;; Query time: 109 msec
;; SERVER: 69.20.95.4#53(69.20.95.4)
;; WHEN: Sun Aug 02 22:16:25 GMT Summer Time 2015
;; MSG SIZE rcvd: 113
This suggests to me that "pony.justsayplease.co.uk" is intended to be accessed over a VPN.
It's disappointing that some public name servers are resolving a private IP address -- I would have thought this to be a security issue. Nice to see Plusnet's dns gets something right.
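A way to script the comparison made across this thread, added here as an example and not part of any post: it reads dig output per resolver and labels each reply as carrying a private-range A record, a public one, or a NOERROR reply with no answer at all. The excerpts are trimmed from the dig output quoted earlier in the thread; the function names and labels are this example's own.

```python
import ipaddress
import re

# Header and record lines trimmed from the dig output posted in this thread,
# keyed by the resolver that was queried.
DIG_OUTPUT = {
    "8.8.8.8": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52568
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;pony.justsayplease.co.uk. IN A
pony.justsayplease.co.uk. 299 IN A 192.168.10.66
""",
    "212.159.6.9": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 980
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;pony.justsayplease.co.uk. IN A
justsayplease.co.uk. 86161 IN NS dns1.stabletransit.com.
""",
}

# "name TTL IN A address"; question lines (no TTL) and NS lines do not match.
A_RECORD = re.compile(r"^(\S+)[ \t]+\d+[ \t]+IN[ \t]+A[ \t]+(\S+)[ \t]*$", re.M)
STATUS = re.compile(r"status: (\w+)")


def a_records(dig_text):
    """Return the IPv4 addresses of all A records found in dig output."""
    return [ipaddress.ip_address(ip) for _, ip in A_RECORD.findall(dig_text)]


def classify(dig_text):
    """Label one resolver's reply by response code and answer content."""
    status = STATUS.search(dig_text)
    rcode = status.group(1) if status else "UNKNOWN"
    if rcode != "NOERROR":
        return rcode.lower()
    addrs = a_records(dig_text)
    if not addrs:
        return "empty-answer"  # NOERROR with no A record
    # is_private covers 10/8, 172.16/12, 192.168/16, loopback and link-local.
    if any(a.is_private for a in addrs):
        return "private-address"
    return "public-address"


def compare(outputs):
    """Return per-resolver labels and whether the resolvers disagree."""
    labels = {server: classify(text) for server, text in outputs.items()}
    return labels, len(set(labels.values())) > 1
```

Run against the two excerpts, `compare(DIG_OUTPUT)` labels 8.8.8.8 as `private-address` and 212.159.6.9 as `empty-answer`, which is the difference the original poster was seeing.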