What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?

Updated on 05 Oct 2018
1 Minute to read
Contributors

Print
Share
Dark

Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

If the IN-ADDR.ARPA name covered refers to a internal address space you are using, then you have failed to follow RFC 1918 usage rules and are leaking queries to the Internet. You should establish your own zones for these addresses to prevent you querying the Internet's name servers for these addresses.

If you are not using these private addresses, then a client has queried for them. You can just ignore the messages, get the offending client to stop sending you these messages as they are most probably leaking them, or set up your own empty zones to serve answers to these queries.

zone "10.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

zone "16.172.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

...

zone "31.172.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

zone "168.192.IN-ADDR.ARPA" {
        type master;
        file "empty";
};

empty:

@ 10800 IN SOA . . (
      1 3600 1200 604800 10800 )
@ 10800 IN NS .

BIND 9.10.0, 9.9.0, 9.8.1, 9.7.4, 9.6-ESV-R5 (and all minor and major versions released since these) include automatic empty zones for RFC 1918 prefixes

See Automatic empty zones (including RFC 1918 empty zones) for more details on how these are enabled and how to configure exceptions.

What's Next

What do +EDC and other letters I see in my query log mean?