cancel
Showing results for 
Search instead for 
Did you mean: 

Do VM filter RFC 1918 IP addresses from DNS query results?

yrro
Tuning in

I'm debugging a DNS problem I see on my parents' internet connection which is a residential Virgin Media connection.

I find that when I query the DNS for a record that I expect will include an RFC 1918 address in its results then the query times out. This is regardless of DNS server--whether I query the VM Hub 5, or one of VM's DNS servers directly, or even a public resolver such as Cloudflare!

For example,

nslookup 192-168-0-80.nip.io 1.1.1.1

This times out when I run it from my parents' connection. If I run it from my own VM business connection it works fine.
 
I'm assuming the Hub 5 is doing some DPI on DNS traffic and dropping responses that include RFC 1918 addresses, although I don't have a second residential connection to test from.
 
Is my guess accurate? If so, is there a way to turn this off, as it's breaking stuff...

14 REPLIES 14

Client62
Hero

I'm a VM residential broadband customer, very happy to perform the nslookup test.

On a Windows PC the nslookup works instantly and with any public DNS or VM default DNS.

Test 1 as posted :

C:\Users\Philip>nslookup 192-168-0-80.nip.io 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
Name: 192-168-0-80.nip.io
Address: 192.168.0.80


Test 2 using VM's DNS :

C:\Users\Philip>nslookup 192-168-0-80.nip.io
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Non-authoritative answer:
Name: 192-168-0-80.nip.io
Address: 192.168.0.80


Thanks! That leaves me scratching my head. Do you mind sharing what type of CPE you're using? Virgin Media replaced my parents' Super Hub with a Hub 5 in December and I'm wondering if the DNS filtering is a new 'feature'...

... if you too have a Hub 5 then I'm not sure what to try next...

We have a Super Hub 3.  
But I'm not convinced that matters in this case.

As far as I can tell the VM Hubs pass the DNS requests as traffic and do not perform any filtering.

The VM Hub's DHCP process hands a primary + secondary DNS to each host.
So it is always the host a computer or mobile that has to perform the DNS lookup for itself.

Unlike ADSL routers of the past, the VM Hubs do not offer any DNS service to the hosts.
This would always timeout :   nslookup bbc.co.uk 192.168.0.1  ( a VM Hub's IP cannot be used like this )

Even though the Hub 5 hands out DHCP offers that specify VM's DNS servers (194.168.4.100 and 194.168.8.100), I noticed that the Hub 5 is indeed providing DNS service, which is what makes me suspect that the filtering is being performed by the Hub 5.

(Parents PC is off at the moment so I can't confirm this, I'll update when I have had another chance).

I'm using a HUB 5 and also timeout.

Tudor
Very Insightful Person
Very Insightful Person

Hub5 in modem mode works fine.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

yrro
Tuning in

Thanks folks - looks like modem mode could be a solution. That strongly implies that the Hub 5 itself is inspecting DNS traffic and dropping responses with RFC 1918 addresses.

I did one more test - showing that the Hub 5 is indeed providing a recursive DNS service (likely forwarding to VM's own DNS servers of course); here you can see it dropping a response with an RFC 1918 address, and returning a response with a public address:

>nslookup 10-2-0-1.nip.io 192.168.0.1
Server: [...].cable.virginm.net
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
*** Request to [...].cable.virginm.net timed-out

>nslookup google.co.uk 192.168.0.1
Server: [...].cable.virginm.net
Address: 192.168.0.1

Non-authoritative answer:
Name: google.co.uk
Addresses: 2a00:1450:4009:823::2003
  142.250.200.35

 

rugby2711
Joining in

Hi. Did you get to the bottom of this issue? having the same issue with a url that resolves to a 127.0.0.1 address

 

Hi @rugby2711 thanks for your post here.

Looking at this thread it does appear that using Modem Mode may have resolved this issue, are you able to try this please?

Many thanks

Tom_W