My networks talk to a prisoner, help.

Help, my networks talk to a prisoner. This was a funny one - client saw lots of DNS queries passing the Fortigate addressed at the and was worried what this was about. No worry - it just means (misconfigured) clients in the LAN are trying to get PTR records for the private RFC 1918 IPs (, etc) on the Internet. Those servers by IANA are registered to be authoritative for those reverse zones to deflect all such junk coming to them from around the Globe.

More details can be read in RFC 6305 titled " I’m Being Attacked by PRISONER.IANA.ORG!" . Another case of "It is easy to be hard, it is harder to be smart" - IANA could try explain to network admins till forever to stop such traffic going to the Internet/block such traffic, or …​ they could just route this junk to the junk DNS servers and be done with it. Stay safe.

Screenshot of Fortigate logs showing DNS queries to the server named

Follow me on not to miss what I publish on Linkedin, Github, blog, and more.