Help, my networks talk to prisoner. This was a funny one – a client saw lots of
DNS queries passing the FortiGate addressed to prisoner.iana.org and was
worried about what this meant. No worry – it just means (misconfigured) clients in
the LAN are trying to get PTR records for the private RFC 1918 IPs
(192.168.0.0/16, 10.0.0.0/8, etc.) on the Internet. IANA has registered those
servers as authoritative for the corresponding reverse zones, such as
10.in-addr.arpa, to deflect all such junk coming to them from around the globe.
More details can be found in RFC 6305,
titled “I’m Being Attacked by PRISONER.IANA.ORG!”: https://datatracker.ietf.org/doc/html/rfc6305.html . Another case of
“It is easy to be hard, it is harder to be smart” – IANA could try to explain to
network admins forever that they should stop such traffic going to the
Internet/block such traffic, or … they could just route this junk to the junk
DNS servers and be done with it.
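To find which LAN clients are sending these reverse lookups, the sketch below (an added example, not from the original post) decodes in-addr.arpa query names and counts PTR queries for RFC 1918 addresses per client. The `client qtype qname` log layout and the sample lines are constructed for illustration and are not a FortiGate log format.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges (the post names 192.168.0.0/16 and 10.0.0.0/8).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ptr_name_to_ip(qname):
    """Return the IPv4 address encoded in a full in-addr.arpa name, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        # Octets appear in reverse order in the query name.
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def is_private_ptr(qname):
    """True if the name is a reverse lookup for an RFC 1918 address."""
    ip = ptr_name_to_ip(qname)
    return ip is not None and any(ip in net for net in RFC1918)

def leaking_clients(log_lines):
    """Count private-range PTR queries per client from 'client qtype qname' lines."""
    counts = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed layout
        client, qtype, qname = parts
        if qtype.upper() == "PTR" and is_private_ptr(qname):
            counts[client] += 1
    return counts

# Constructed sample: DNS queries seen leaving the LAN toward the Internet.
SAMPLE_LOG = [
    "192.168.1.50 PTR 1.1.168.192.in-addr.arpa.",
    "192.168.1.50 PTR 7.0.0.10.in-addr.arpa",
    "192.168.1.77 PTR 8.8.8.8.in-addr.arpa",      # public address, not junk
    "192.168.1.77 A www.example.com",
    "192.168.1.90 PTR 5.4.31.172.in-addr.arpa",   # inside 172.16.0.0/12
    "192.168.1.90 PTR 5.4.32.172.in-addr.arpa",   # just outside it
]

if __name__ == "__main__":
    for client, n in leaking_clients(SAMPLE_LOG).most_common():
        print(f"{client}: {n} private PTR queries")
```

Clients that show up in the count are the ones whose resolver settings need fixing, or whose private reverse zones should be answered by a local DNS server instead of being forwarded.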
Stay safe.
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I
publish on Linkedin, Github, blog, and more.