Can't resolve local IP using remote DNS server
Indirect references to such addresses should be contained within the enterprise. Prominent examples of such references are DNS Resource Records and other information referring to internal private addresses. In particular, Internet service providers should take measures to prevent such leakage. -- RFC 1918
You are not supposed to be propagating DNS records with RFC 1918 addresses outside your enterprise. If you want to create an "internal" version of your DNS zone that contains internal addresses, that's fine (and that will work). But you are not supposed to use the Internet's DNS backbone to do it.
Admin
Updated on September 18, 2022
Comments
-
Admin over 1 year
I'm trying to do something I thought would be pretty simple: mapping local.mydomain.com to 192.168.0.1 using my registrar's DNS server (namecheap.com).

I've added an A record for local with a value of 192.168.0.1. Trying to look up local.mydomain.com using websites like just-dnslookup.com returns the proper IP address, but trying to ping or nslookup in Windows results in these errors.

Ping:
Ping request could not find host local.mydomain.com. Please check the name and try again.

nslookup:
No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for local.mydomain.com.

Changing the IP address for the A record to a non-private IP (e.g. 168.62.9.65) fixes the lookup issue.

I'm suspecting Windows doesn't like the fact that a local IP is returned by the DNS server?
-
jacobq over 8 years
I understand that RFC1918 addresses should not be published outside of internal networks. However, I am having a problem like this with my internal server (OpenWrt forwarding requests to Windows 2008 R2). What does the "internal type" in the error message mean?
-
mozzbozz about 2 years
"Indirect references to such addresses should be contained within the enterprise. Prominent examples of such references are DNS Resource Records and other information referring to internal private addresses." - 'should' isn't "must not". It's simply the easiest solution for many use cases, e.g. when you want to obtain a valid Let's Encrypt certificate for your internal behind-VPN-services. Setting up your own DNS etc. is just overkill for it.
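
The answer's point, that RFC 1918 addresses belong in an internal version of the zone and not the public one, can be checked before a zone is published. The following is an added example, not part of the original thread: a simplified zone-file audit (no multi-line records or quoted strings) run over a constructed zone. The vpn, edge and mail records and the function names are assumptions made for illustration.

```python
import ipaddress

# The three private address blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone in master-file format (not real data).
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
$TTL 300
@       IN  A   168.62.9.65
local   IN  A   192.168.0.1   ; the record from the question
vpn 600 IN  A   172.16.4.10   ; constructed: inside 172.16.0.0/12
edge    IN  A   172.32.0.5    ; constructed: just outside 172.16.0.0/12
mail    IN  MX  10 edge
"""

def fqdn(owner, origin):
    """Expand a zone-file owner name ('@', relative or absolute)."""
    if owner == "@":
        return origin
    return owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}"

def find_private_a_records(zone_text):
    """Return (name, address) for every A record pointing into RFC 1918 space."""
    origin, last_owner, leaks = "", "@", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if not fields:
            continue
        if fields[0].startswith("$"):              # $ORIGIN, $TTL, ...
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].rstrip(".")
            continue
        if not raw[0].isspace():                   # indented line reuses last owner
            last_owner, fields = fields[0], fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]                    # skip optional TTL and class
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        try:
            addr = ipaddress.IPv4Address(fields[1])
        except ValueError:
            continue                               # malformed RDATA, not our concern here
        if any(addr in net for net in RFC1918):
            leaks.append((fqdn(last_owner, origin), str(addr)))
    return leaks

if __name__ == "__main__":
    for name, addr in find_private_a_records(SAMPLE_ZONE):
        print(f"private address in public zone: {name} -> {addr}")
```

The check uses the three RFC 1918 networks explicitly instead of ipaddress's is_private, which also covers loopback, link-local and other reserved ranges.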