Trying to understand this PTR record

Mogsy

Senior Member
Hello,

New here and been helping a friend setting up AX86U. Just curious about this ptr. I know Apple devices do this but never seen this subnet/reverse subnet tho. Only my iPhone making this query. Seeing logs on my NextDNS configuration page. Can someone help me understand what this is? Quick google saying it is some sort of network intrusion.

Loving the user-friendly GUI btw, and donated something just now. Thank you for your great work! Getting my own router soon lol

The thing in question is lb._dns-sd._udp.6.0.0.192.in-addr.arpa. Seen reverse subnet of 172.x.x or 192.168.x.x but not this one.

Hmmm why does my attachment looking like GUID rather than image name
 

Attachments

  • 853AE992-7C1E-4BAF-A7B0-BB3E91B4A087.png
That looks like unicast DNS-SD traffic. Have you misconfigured your network as 192.0.0.x?
 
This iPhone is on guest network 192.168.102.1, router is 192.168.58.1 with no IPV6 switched on yet
 
6.0.0.192
Translates to 192.0.0.6


Code:
 whois 192.0.0.1

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#



# start

NetRange:       192.0.0.0 - 192.0.0.255
CIDR:           192.0.0.0/24
NetName:        SPECIAL-IPV4-REGISTRY-IANA-RESERVED
NetHandle:      NET-192-0-0-0-1
Parent:         NET192 (NET-192-0-0-0-0)
NetType:        IANA Special Use
OriginAS:       
Organization:   Internet Assigned Numbers Authority (IANA)
RegDate:        1996-07-01
Updated:        2013-08-30
Comment:        Addresses starting with "192.0.0." are reserved for a variety of different protocols by the IETF, the organization that develops Internet protocols.  The common factor is that these addresses are not used by a single organization but by any network where the specific protocol is implemented.
Comment:       
Comment:        The list of currently registered addresses can be found at:
Comment:       
Comment:        http://www.iana.org/assignments/iana-ipv4-special-registry
Comment:       
Comment:        Addresses from this range should not be used as an alternative to the private IPv4 address ranges assigned by the IETF in the Best Current Practice document, RFC 1918, which can be found at:
Comment:        http://datatracker.ietf.org/doc/rfc1918
Ref:            https://rdap.arin.net/registry/ip/192.0.0.0



OrgName:        Internet Assigned Numbers Authority
OrgId:          IANA
Address:        12025 Waterfront Drive
Address:        Suite 300
City:           Los Angeles
StateProv:      CA
PostalCode:     90292
Country:        US
RegDate:       
Updated:        2012-08-31
Ref:            https://rdap.arin.net/registry/entity/IANA


OrgTechHandle: IANA-IP-ARIN
OrgTechName:   ICANN
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org
OrgTechRef:    https://rdap.arin.net/registry/entity/IANA-IP-ARIN

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   ICANN
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org
OrgAbuseRef:    https://rdap.arin.net/registry/entity/IANA-IP-ARIN

# end


# start

NetRange:       192.0.0.0 - 192.0.0.7
CIDR:           192.0.0.0/29
NetName:        DS-LITE-RFC-6333-11-IANA-RESERVED
NetHandle:      NET-192-0-0-0-2
Parent:         SPECIAL-IPV4-REGISTRY-IANA-RESERVED (NET-192-0-0-0-1)
NetType:        IANA Special Use
OriginAS:       
Organization:   Internet Assigned Numbers Authority (IANA)
RegDate:        2011-09-14
Updated:        2011-09-14
Comment:        This block is used for DS-LITE, a technology for
Comment:        sharing an single IPv4 address among multiple broadband
Comment:        customers by combining IP in IP and Network Address Translation. 
Comment:        It was assigned by the IETF in the Standards Track document,
Comment:        RFC 6333, which can be found at:
Comment:        http://www.rfc-editor.org/rfc/rfc6333.txt
Ref:            https://rdap.arin.net/registry/ip/192.0.0.0



OrgName:        Internet Assigned Numbers Authority
OrgId:          IANA
Address:        12025 Waterfront Drive
Address:        Suite 300
City:           Los Angeles
StateProv:      CA
PostalCode:     90292
Country:        US
RegDate:       
Updated:        2012-08-31
Ref:            https://rdap.arin.net/registry/entity/IANA


OrgTechHandle: IANA-IP-ARIN
OrgTechName:   ICANN
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org
OrgTechRef:    https://rdap.arin.net/registry/entity/IANA-IP-ARIN

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   ICANN
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org
OrgAbuseRef:    https://rdap.arin.net/registry/entity/IANA-IP-ARIN

# end



#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#
 
I don't think it's network intrusion. It seems to be another "Apple thing". There's a config line for it in Unbound here.
 
Probably something to do with this? https://techmusa.com/dual-stack-lite/
But plenty of Apple devices here only one iPhone making the query. Also found out my friend’s ISP has 100.64.x.x private IP in CG Nat environment
 
According to the IANA, "The IPv4 address 192.0.0.1 is reserved as the IPv4 address of the default router for such Dual-Stack Lite hosts".
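Added example, not part of any post in this thread: a small triage helper that decodes a logged PTR query name such as `lb._dns-sd._udp.6.0.0.192.in-addr.arpa` back to its IPv4 address and reports which reserved block it falls in, without needing a whois lookup. The block list covers only the ranges mentioned in the thread; the function names and the sample log entries other than the first are constructed for illustration.

```python
import ipaddress

# Special-purpose IPv4 blocks mentioned in this thread, most specific first.
SPECIAL_BLOCKS = [
    ("192.0.0.0/29", "DS-Lite, RFC 6333"),
    ("192.0.0.0/24", "IANA special-purpose registry"),
    ("100.64.0.0/10", "CGNAT shared address space, RFC 6598"),
    ("10.0.0.0/8", "private, RFC 1918"),
    ("172.16.0.0/12", "private, RFC 1918"),
    ("192.168.0.0/16", "private, RFC 1918"),
]
# DNS-SD domain-enumeration labels defined in RFC 6763 section 11.
DNSSD_LABELS = {"b", "db", "r", "dr", "lb"}


def parse_reverse_name(qname):
    """Return (dns_sd_label_or_None, IPv4Address), or None if not a valid in-addr.arpa name."""
    labels = qname.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    labels = labels[:-2]
    dns_sd = None
    if labels[1:3] == ["_dns-sd", "_udp"] and labels[0] in DNSSD_LABELS:
        dns_sd, labels = labels[0], labels[3:]
    if not 1 <= len(labels) <= 4:
        return None
    if not all(l.isascii() and l.isdigit() and int(l) <= 255 for l in labels):
        return None
    # Labels are the octets in reverse order; pad short (zone-level) names with zeros.
    octets = [str(int(l)) for l in reversed(labels)] + ["0"] * (4 - len(labels))
    return dns_sd, ipaddress.IPv4Address(".".join(octets))


def classify(qname):
    """Map a logged PTR query name to its address and the reserved block it falls in."""
    parsed = parse_reverse_name(qname)
    if parsed is None:
        return None
    dns_sd, addr = parsed
    block = next((f"{cidr} ({why})" for cidr, why in SPECIAL_BLOCKS
                  if addr in ipaddress.ip_network(cidr)), "no listed special-purpose block")
    return {"address": str(addr), "dns_sd": dns_sd, "block": block}


# Constructed sample log: the first name is the one from the thread, the rest are made up.
SAMPLE_QUERIES = ["lb._dns-sd._udp.6.0.0.192.in-addr.arpa", "1.102.168.192.in-addr.arpa.",
                  "lb._dns-sd._udp.0.66.64.100.in-addr.arpa", "example.com"]
if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, "->", classify(q))
```

A result with `dns_sd` set to `lb` and a block in reserved or private space is a device looking for a DNS-SD browsing domain for one of its own interfaces, which is what the replies above conclude about this query.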
 
Can’t find the link for “network intrusions” now haha. When iPhone rebooted it stopped making query. Something/some app maybe triggers this. Will check tomorrow or maybe advise to purchase IP for £5 a month to avoid CG Nat. I don’t think remote access VPN will work if I help him set that up.
 
Nothing surprises me with apple anymore, who knows how much garbage is running on it. Android isn't much better, and MS is joining the club too (they felt left out).

Your VPN should work fine with CGNAT as long as you initiate the VPN connection from inside the home network. Any modern VPN will work fine with NAT, even multiple layers of it. If not, and your VPN endpoint and ISP supports v6, you could enable that (I'm sure some here will be shocked to see me saying that).

If you are looking to VPN into the home network from remote, then very unlikely it would work without a real IP, since the CGNAT is almost certainly getting nat-overload at some point in the path (otherwise there would be no point). The only option there would be to enable IPv6 and DDNS updates for it so you can access your VPN with a hostname, or get a static IP.

You'll find various IPs related to 6to4, 4to6, dual stack, etc running on your LAN from the various manufacturers. Not likely anything to be worried about.
 
That’s what we wanted to try with instant guard. After finding out he has 100.66.x.x IP then unlikely it would work. Doing a whois on this IP, damn, some of the subdomains are funny.

So the culprit is my iWatch. I dislike switching on bluetooth, especially in public. Might have to reactivate eSim for it :rolleyes:
 

Attachments

  • IMG_0113.jpg
