cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AntonyScerri
Aspiring Contributor
233 Views
Message 1 of 9

Do BT routers block DNS which resolve to private IPs

Hi

Been trying to find a definitive answer to this. Basically some host names are configured with private IPs and these do not appear to resolve over the home network going through a BT router. Switching to a mobile hotspot they are fine. Also querying the BT name servers (taken from the routers current config) directly works fine as well it only seems to be when it trying to resolve against the router. The IP in this case was a 10.x.x.x. I'm not expecting anyone to be able to reach this over the internet etc, its a managed service which is simply pushing the host name with internal IP but the routing is setup correctly. This is only effecting some users, so far that appears to be BT users in the UK and we have a similar situations with an ISP in the US. For now we are just switching to Google DNS but would like to pin point the cause of these DNS failures to rule out anything else. Anyone aware of any documentation describing this behaviour?

Tony

0 Ratings
Reply
8 REPLIES 8
licquorice
Distinguished Sage
Distinguished Sage
229 Views
Message 2 of 9

Re: Do BT routers block DNS which resolve to private IPs

DNS can't resolve host names to private address ranges directly, it can only resolve them to public IP addresses which are then in turn forwarded to the private address. The whole point of private addresses is that they aren't routable.

0 Ratings
Reply
AntonyScerri
Aspiring Contributor
217 Views
Message 3 of 9

Re: Do BT routers block DNS which resolve to private IPs

Sorry I believe you are confusing routing with name resolution. DNS is quite capable of returning private IP addresses.

0 Ratings
Reply
licquorice
Distinguished Sage
Distinguished Sage
204 Views
Message 4 of 9

Re: Do BT routers block DNS which resolve to private IPs


@AntonyScerri wrote:

 DNS is quite capable of returning private IP addresses.


To what purpose?

0 Ratings
Reply
AntonyScerri
Aspiring Contributor
194 Views
Message 5 of 9

Re: Do BT routers block DNS which resolve to private IPs

So not the exact reason in this case BUT when you have a FQDN on a network which uses those private IP addresses the DNS will server them up in response to a lookup on that name. 

 

I understand there is a long running debate about whether private IPs should be surfaced via public DNS or not. However I'm just trying to identify the point at which things are being cut off. From everything I can tell as in my original post the name servers like Google's happily return the private IP, as does the BT name servers (eg 81.139.57.100), however the BT SmartHub routers which is configured to use that (BT) name server but promotes its self as the local DNS server on your home network will not return the entry. 

I'm just trying to get some definitive confirmation this is a deliberate filtering done on the BT routers. 

0 Ratings
Reply
licquorice
Distinguished Sage
Distinguished Sage
174 Views
Message 6 of 9

Re: Do BT routers block DNS which resolve to private IPs


@AntonyScerri wrote:

So not the exact reason in this case BUT when you have a FQDN on a network which uses those private IP addresses the DNS will server them up in response to a lookup on that name. 

Ok, but only accessible to that network

 

I understand there is a long running debate about whether private IPs should be surfaced via public DNS or not. However I'm just trying to identify the point at which things are being cut off. From everything I can tell as in my original post the name servers like Google's happily return the private IP, as does the BT name servers (eg 81.139.57.100), however the BT SmartHub routers which is configured to use that (BT) name server but promotes its self as the local DNS server on your home network will not return the entry. 

I guess the router is trying to use its local DNS server to resolve the hostname somehow but  won't have an A record. Not sure why it would do that though.

I'm just trying to get some definitive confirmation this is a deliberate filtering done on the BT routers. 

Not sure you will get a definitive answer here as this is basically a customer to customer self help forum. I'll flag this to the mods to see if they can elicit any expert help.

 


 

0 Ratings
Reply
AntonyScerri
Aspiring Contributor
164 Views
Message 7 of 9

Re: Do BT routers block DNS which resolve to private IPs

Exactly its a bit of a tangle but something is filtering it out somewhere 🙂

I'm checking via multiple avenues to try and get to the bottom of it, if you can bump it here just in case that would be great.

0 Ratings
Reply
WSH
Contributor
146 Views
Message 8 of 9

Re: Do BT routers block DNS which resolve to private IPs

It’s unclear what you are trying to achieve here.

“…long running debate about whether private IPs should be surfaced via public DNS or not”.  Common sense should suggest that this is because they are not unique on the Internet, so how is a remote DNS server to resolve an address that exists in multiple locations? 

“From everything I can tell as in my original post the name servers like Google's happily return the private IP, as does the BT name servers (eg 81.139.57.100),”…81.139.57.100 is not a private address.  I suspect your real problem is NAT rather than DNS. 

0 Ratings
Reply
AntonyScerri
Aspiring Contributor
130 Views
Message 9 of 9

Re: Do BT routers block DNS which resolve to private IPs

The host name is unique that is what is being looked up by a DNS request. The IP returned may well not be unique, and isnt so for many valid reasons, this is not the problem.

The IP Address I gave 81.139.57.100 is one of BT's name servers which you can direct DNS requests to. If you query this for a domain which returns a private IP it will return the records. As will Google's. If however you use the default automatic network configuration provided by the BT router, it will configure your dns server as the router, which when queried will not return the record, making it seem the domain name does not exist. I'm trying to find out what is blocking that particular response, as it seems to be the router.

 

0 Ratings
Reply