0

While going through a domain in the format as mentioned below , I did host lookup using the host command and got a private ip address.

auth-ns.auth-ns.workspace.agate.example.com
host auth-ns.auth-ns.workspace.agate.example.com

Why does an agate auth endpoint provide a private ip address ? When I searched for agate I came to know agate is used to authenticate to obiba software stack.Is this how the obiba works ? Even it works like this why is it resolving to a private IP ? The ip belongs to 172.16.0.0/12 CIDR

NOTE: I was not able to browse to the respective endpoint , I never got any response

Joel Deleep
  • 145
  • 1
  • 1
  • 8

4 Answers4

5

why is it resolving to a private IP ?

Your question seems to be based on the assumption that a DNS record cannot resolve to a "private" IP for some reason. There's no basis for the assumption, so the answer is "because that's what the person who created the record wants it to resolve to".

ThatGraemeGuy
  • 15,473
  • 12
  • 53
  • 79
  • so this means they can access via their private network right and it can only be accessed from the private network, am i right ? – Joel Deleep May 27 '20 at 15:50
  • 1
    DNS does not know about your network, it only returned the contents of an A record. That could be a different network through a VPN, or the Internet through crazy dual NAT, or someone misconfigured DNS to leak an internal zone. Or it could be boring private RFC1918 space. – John Mahowald May 30 '20 at 03:43
0

You won't be able to browse the endpoint because it's a private IP. So it'll be on someone else's private network.

There are a heap of reasons to do this. The most recent being DNS over HTTPS. This will still allow DNS resolution for important things even though the DNS request may not go to your internal DNS server

jstuart-tech
  • 146
  • 5
0

Basicially a domain name can be pointed to any IP address. Its a matter of Domain Name DNS settings. And when a domain name is pointed to private IP address it wont work for all the users around the world or it cannot be accessible for everyone.

doctor
  • 11
  • 1
0

Any domain name can be registered to "point" or "resolve" to any IP address. This is done using what is called an "A Record" or "Address Record". Various other kinds of records can be found here.

In short, when someone registers a domain name as an "Address Record", they can choose any IP address they wish, including "127.0.0.1". Why it is that Domain The Net Technologies chose to do so is something only they know, but technically there could be any number of domains which point to that address.

To learn more about how domain name servers work internally, check out this site which explains how you can make one yourself.

I know this question is a couple years old but the answers are lacking and it took me days to find useful information. Hopefully this helps someone in the future.

Blue Dev
  • 1
  • 1