Don’t use APNIC ranges for test addresses

A tip for those of you who manage DNS servers:

If you absolutely MUST put a fake entry in your zone, DON’T point it to 1.1.1.1 or 1.2.3.4. Either point it to an address (of your own!) that you know to be unused, or point it to an RFC 5737 address (192.0.2.0/24, 198.51.100.0/24, and 203.0.113.0/24). It’s still not a good idea, but at least they’re non-routable addresses that you’re (probably) not using in your network, so it won’t give away internal information.

Pointing it to anything in the 1.x.x.x range sends the resulting traffic to the APNIC parts of the Internet, which include Asia and Australia. You have no control over these addresses. Don’t put your customers in danger.
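An added example, not part of the original post: a small Python audit that scans the A records in a zone file and flags any that point into 1.0.0.0/8 or into the RFC 5737 ranges. The sample zone, the `own_nets` parameter and the use of 10.0.0.0/8 as "your own" space are assumptions made for illustration, and only simple one-line A records are parsed.

```python
import ipaddress
import re

# RFC 5737 documentation ranges named in the post.
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
# The 1.x.x.x range the post warns about.
ONE_SLASH_8 = ipaddress.ip_network("1.0.0.0/8")

# Simple one-line A records only: [owner] [numeric ttl] [IN] A addr [; comment]
A_RECORD = re.compile(
    r"^(?P<name>\S*)\s+(?:\d+\s+)?(?:IN\s+)?A\s+"
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)\s*(?:;.*)?$", re.IGNORECASE)

# Constructed sample zone; 10.0.0.0/8 stands in for "addresses of your own".
SAMPLE_ZONE = """\
$ORIGIN example.com.
www      3600 IN A 10.0.0.10
test          IN A 1.1.1.1
placeholder   IN A 1.2.3.4 ; fake entry
docs          IN A 192.0.2.7
"""

def classify(addr, own_nets):
    """Return 'own', 'rfc5737', 'apnic-1.x' or 'other' for an IPv4 string."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on e.g. 1.2.3.400
    if any(ip in net for net in own_nets):
        return "own"  # checked first: space you really hold is fine
    if any(ip in net for net in DOC_NETS):
        return "rfc5737"
    return "apnic-1.x" if ip in ONE_SLASH_8 else "other"

def audit_zone(zone_text, own_nets=()):
    """List (line, owner, address, verdict) for records worth a second look."""
    nets = [ipaddress.ip_network(n) for n in own_nets]
    findings = []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        m = A_RECORD.match(line.rstrip())
        if not m:
            continue
        try:
            verdict = classify(m["addr"], nets)
        except ValueError:
            verdict = "invalid"
        if verdict in ("apnic-1.x", "rfc5737", "invalid"):
            findings.append((lineno, m["name"] or "(inherited)", m["addr"], verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, own_nets=["10.0.0.0/8"]):
        print(*finding)
```

Records with the `apnic-1.x` verdict are the ones to fix first; `rfc5737` hits are placeholders that should still be reviewed and removed when no longer needed.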
