What is prisoner.iana.org?

[Ian Henderson]

Hi folks

I've been having an ongoing-problem with my PC over the last few months,
whereby it crashes for what looks like no reason whatsoever. Before I
continue, let me tell you a little bit about the setup I have here:

1 x Windows 2000 SP4 Domain Controller;
1 x Windows XP SP2 Desktop;
1 x Windows XP SP2 Laptop;

Both the XP Desktop and XP Laptop authenticate onto my local network via the
Domain Controller (naturally). However, the Desktop machine is the one that
sees the most use, since it tends to be on 24/7, or would if it didn't keep
crashing.

Now, whenever I go into my Event Viewer, I normally find the following
entries in the System Log:

Source: LSASRV
Category: SPNEGO (Negotiator)
Type: Warning
Event ID: 40961

The Security System could not establish a secured connection with the
server DNS/prisoner.iana.org. No authentication protocol was available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

So, I'm confused. While the computer doesn't always hang after one of these
entries has gone into the System Log, I can generally pin it down to having
been some time just after such an entry was generated. Looking back over
the last 24 hours, there appears to have been an attempt to contact this DNS
entry roughly once every hour or so, although that isn't strictly
consistent.

Should I be setting my DNS Server up to recognise this entry, and if so how,
or is this an attempt to hack my system? I should point out at this stage
that my laptop doesn't generally display this error.


TIA

 

[KB]

Hi folks

I've been having an ongoing-problem with my PC over the last few months,
whereby it crashes for what looks like no reason whatsoever. Before I
continue, let me tell you a little bit about the setup I have here:

1 x Windows 2000 SP4 Domain Controller;
1 x Windows XP SP2 Desktop;
1 x Windows XP SP2 Laptop;

Both the XP Desktop and XP Laptop authenticate onto my local network via the
Domain Controller (naturally). However, the Desktop machine is the one that
sees the most use, since it tends to be on 24/7, or would if it didn't keep
crashing.

Now, whenever I go into my Event Viewer, I normally find the following
entries in the System Log:

Source: LSASRV
Category: SPNEGO (Negotiator)
Type: Warning
Event ID: 40961

The Security System could not establish a secured connection with the
server DNS/prisoner.iana.org. No authentication protocol was available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

So, I'm confused. While the computer doesn't always hang after one of these
entries has gone into the System Log, I can generally pin it down to having
been some time just after such an entry was generated. Looking back over
the last 24 hours, there appears to have been an attempt to contact this DNS
entry roughly once every hour or so, although that isn't strictly
consistent.

Should I be setting my DNS Server up to recognise this entry, and if so how,
or is this an attempt to hack my system? I should point out at this stage
that my laptop doesn't generally display this error.


TIA

Found this info on another forum that might help:
Quoted from forum:

I just figured out the reason you're seeing those entries in your cache.

If you don't have an in-addr.arpa. zone for each of the private ranges used by your
network, eventually a computer will attempt a reverse-lookup for a private address that
the DNS server can't handle. When the DNS server accesses the root servers, trying to
lookup a private range, they return an SOA record for iana.org. Then, when your DNS server
attempts to resolve the address through IANA's servers, its request is simply dropped.

IANA has three allocations for each of the private ranges. One SOA (prisoner.iana.org.)
and two NS (blackhole-1.iana.org. and blackhole-2.iana.org.) entries that effectively map
what Linux users would refer to as the "dev/nul" of DNS.

 

[Ian Henderson]

Nice one KB

I guess that just leaves me with 2 questions:

1. Is the lack of an in-addr.arpa zone going to cause my desktop machine to
crash?
2. If it is, how do i add an in-addr.arpa zone?

TIA