main_icn_My_Vodafone main_icn_Search main_icn_Chevron_right main_icn_Chevron_down main_icn_Close main_icn_Menu social-facebook social-google-plus social-linkedin social-twitter social-youtube main_icn_Community_or_Foundation main_icn_Location main_icn_Network_signal

Other broadband queries

DNS Resolution of Private IP Addresses

mw_lt
2: Seeker

HI

Does Vodafone block DNS resolution of A records where the value is that of an internal IP ?

This is due to some work systems which are only accessible via VPN but have a public DNS record with a private address.

Some people on Vodafone are not able to access these but the VPN is working.

View more options
4 REPLIES 4
KeithAlger
16: Advanced member

The IP address supplied by the DNS server has to be a public-facing IP address to allow routing servers on the internet to function.  Once you have your VPN tunnel set up, it should be down to the connected server to manage any internal routing at the remote end.  *additional complexities are possible here!

 

**In some small companies this can be thrown off if remote users have their local networks set up in a non-standard manner. Such as both the remote network and the local user network using the same IP range and expressing addresses as such!

 

***I could be entirely off track here, and am willing to admit it!

View more options
mw_lt
2: Seeker

Thanks Keith I thought this was the case. These are the IETF guidelines back from 2001!

 

https://tools.ietf.org/id/draft-ietf-dnsop-dontpublish-unreachable-01.txt

 

I would like an official word from Vodafone (but it seems very difficult to get any official technical information from ISPs about consumer broadband, Vodafone suggested users switch to using Google for DNS, this doesn't work however) as I work for an IT department which the organisation have this in place for 1 system since March 2020.  I think the DNS record needs deleting so resolution can happen via internal DNS Servers via the VPN connection (this works with other internal web servers via the VPN). For some reason that particular system was having issues with DNS.

 

It appears only Vodafone are blocking the resolving, probably due to security.

Other than shifting the few Staff members to DNS over https I think it will require deleting the DNS record.

View more options
clint_flick
10: Established

Hi

Dunno.  VodaFone should not see any of the details and therefore not block.

 

PRIVATE IP addresses are NEVER forwarded into the cloud/internet etc.

Type A 10.X.X.X has sufficient numbers for a VPN to issue (16,777,216) to all it's customers (probably).

IT WILL NOT BE FORWARDED.

 

So if you have a VPN tunnel you could be using one.

https://au.norton.com/internetsecurity-privacy-what-is-a-vpn-tunnel.html

 

A VPN tunnel allows for your IP address to be hidden and encrypts all data you generate while using the web.

 

A router has basic decisions,

Local PRIVATE IP address should be handled by the switch and sent over the Local network.

NON PRIVATE IP addresses should be routed to the next external device for onward travel.

LoopBack or NULL is for anything/everything else.

 

 

 

 

View more options
clint_flick
10: Established

Hi

Re-read the OP

""DNS resolution of A records""

 

Domain Name Servers will never get the the 10.x.x.x, 172.16.x.x or 192.168.x.x because they are never routed out from your private network. 

 

HOWEVER.....  https://en.wikipedia.org/wiki/DNS_over_HTTPS

The Internet Service Providers Association (ISPA)—a trade association representing British ISPs—and the also British body Internet Watch Foundation have criticized Mozilla, developer of the Firefox web browser, for supporting DoH, as they believe that it will undermine web blocking programs in the country, including ISP default filtering of adult content, and mandatory court-ordered filtering of copyright violations.

 

So ignore all else I have posted please.

 

View more options