Help, my networks talk to prisoner. This was a funny one - client saw lots of DNS queries passing the Fortigate addressed at the prisoner.iana.org and was worried what this was about. No worry - it just means (misconfigured) clients in the LAN are trying to get PTR records for the private RFC 1918 IPs (192.168.0.0/16, 10.0.0.0/8 etc) on the Internet. Those servers by IANA are registered to be authoritative for those reverse zones 10.in-addr.arpa to deflect all such junk coming to them from around the Globe.
More details can be read in RFC 6305 titled " I’m Being Attacked by PRISONER.IANA.ORG!" https://datatracker.ietf.org/doc/html/rfc6305.html . Another case of "It is easy to be hard, it is harder to be smart" - IANA could try explain to network admins till forever to stop such traffic going to the Internet/block such traffic, or … they could just route this junk to the junk DNS servers and be done with it. Stay safe.
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.