RFC 1918

Posted by & filed under DNS, Networking, Server Admin.

I recently set up a BIND DNS server and, after monitoring the logs for some time, found lines like this:

RFC 1918 response from Internet for 0.10.168.192.in-addr.arpa

This means one of two things… either the BIND server itself is querying the internet for local subnets and leaking info to the internet, or a DNS client queried them. Since the logs indicate the source IP, I know it is not the BIND server.

To remedy this, I enabled RFC 1918 zones on the server to catch the queries before they leak to the internet. It ended up looking something like this:

zone "10.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

zone "16.172.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

...

zone "31.172.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

zone "168.192.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

empty:
@ 10800 IN SOA . . (
        1 3600 1200 604800 10800 )
@ 10800 IN NS .
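As an added example (not part of the original post), this Python script generates the stanzas for all 18 RFC 1918 reverse zones, including the 17.172 through 30.172 zones elided above, and reports which zone would catch a leaked name seen in the log. The function names and the sample log lines are constructed for illustration; the timestamp prefix on the samples is an assumption about log layout, and only the message text comes from the post.

```python
import re

def empty_zone_names():
    """Reverse zones covering 10/8, 172.16/12 and 192.168/16."""
    zones = ["10.IN-ADDR.ARPA"]
    zones += [f"{n}.172.IN-ADDR.ARPA" for n in range(16, 32)]
    zones.append("168.192.IN-ADDR.ARPA")
    return zones

def zone_stanzas(zone_file="empty"):
    """named.conf text: one master zone per name, all sharing one zone file."""
    return "\n\n".join(
        f'zone "{z}" {{\n\ttype master;\n\tfile "{zone_file}";\n}};'
        for z in empty_zone_names()
    )

def covering_zone(qname):
    """Return the empty zone that would answer qname locally, or None."""
    labels = qname.rstrip(".").upper().split(".")
    for zone in empty_zone_names():
        zone_labels = zone.split(".")
        # A zone covers a name when the name ends with all of the zone's labels.
        if labels[-len(zone_labels):] == zone_labels:
            return zone
    return None

LEAK_RE = re.compile(r"RFC 1918 response from Internet for (\S+)")

def leaked_names(log_lines):
    """Map each leaked reverse name found in the log to its covering zone."""
    found = {}
    for line in log_lines:
        match = LEAK_RE.search(line)
        if match:
            found[match.group(1)] = covering_zone(match.group(1))
    return found

# Constructed sample log lines (not real log data).
SAMPLE_LOG = [
    "01-Jan 00:00:01 RFC 1918 response from Internet for 0.10.168.192.in-addr.arpa",
    "01-Jan 00:00:02 RFC 1918 response from Internet for 7.1.20.172.in-addr.arpa",
    "01-Jan 00:00:03 an unrelated log message",
]

if __name__ == "__main__":
    for name, zone in leaked_names(SAMPLE_LOG).items():
        print(f"{name} -> {zone or 'no RFC 1918 zone covers this name'}")
    print(zone_stanzas())
```

A name that maps to no zone (for example anything under 32.172.in-addr.arpa) is outside RFC 1918 space and should not be swallowed by an empty zone.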

Removing MX records from a Microsoft DNS Server via script

Posted by & filed under DNS, Email, Programming, Server Admin.

We recently switched our Barracuda system from using two equally weighted MX records to using one MX record that points to two same-named A records. We are hoping that this will help better load balance the Barracuda cluster. I wrote a quick-n-dirty batch script to remove the second Barracuda MX record from our DNS zones:

for /f %%h in (domains.txt) do dnscmd /RecordDelete %%h @ MX 10 servername.net /f

This script takes the input file domains.txt and processes each domain contained in the text file. The format is one domain per line…