
On some of the servers I maintain, prisoner.iana.org shows up as a DNS entry in the system logs. Because of the name, it “looks” suspicious. It is nothing to worry about: there are no hackers, and nothing is wrong with your system.

IANA was the name of the organization that was responsible for handing out IP address blocks back in the day.

There was a need for a placeholder zone for the three blocks of non-routable addresses, so IANA set up three DNS servers: blackhole-1.iana.org, blackhole-2.iana.org and prisoner.iana.org.

If a system with an address in the 192.168.XXX.XXX range tries to register its PTR record without a local DNS server, it will try to register with prisoner.iana.org. Obviously prisoner.iana.org will reject the request, hence the many instances of this address in the DNS logs / Event Viewer.
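As an added example (not part of the original post), the following Python triage groups hosts that contacted prisoner.iana.org by the reverse zone a local DNS server would need to host for them, and sets aside any source that is not in one of the three private blocks. The log format, field names and sample addresses are constructed assumptions, not the output of any real product.

```python
import ipaddress
import re
from collections import Counter

# The three private (RFC 1918) address blocks the post refers to.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a made-up format (not a real product's log format).
SAMPLE_LOG = """\
2024-01-05T10:00:01 dns-update client=192.168.1.20 server=prisoner.iana.org result=REFUSED
2024-01-05T10:00:07 dns-update client=192.168.1.20 server=prisoner.iana.org result=REFUSED
2024-01-05T10:02:13 dns-update client=10.4.0.9 server=prisoner.iana.org result=REFUSED
2024-01-05T10:03:40 dns-update client=172.20.3.3 server=prisoner.iana.org result=REFUSED
2024-01-05T10:05:00 dns-query client=192.168.1.31 server=ns1.example.net result=NOERROR
2024-01-05T10:06:00 dns-update client=203.0.113.7 server=prisoner.iana.org result=REFUSED
"""
LINE_RE = re.compile(r"client=(\S+) server=(\S+)")


def reverse_zone(ip):
    """Return (PTR name, enclosing private reverse zone or None) for an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)
    for block in PRIVATE_BLOCKS:
        if addr in block:
            # 10/8 is a single reverse zone; the other two blocks split per /16.
            keep = 1 if block.prefixlen == 8 else 2
            octets = str(addr).split(".")[:keep]
            return addr.reverse_pointer, ".".join(reversed(octets)) + ".in-addr.arpa"
    return addr.reverse_pointer, None


def triage(log_text):
    """Group clients that hit prisoner.iana.org by the local reverse zone they need."""
    zones, unexpected = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(2) != "prisoner.iana.org":
            continue
        try:
            _, zone = reverse_zone(m.group(1))
        except ValueError:
            continue  # client field is not an IPv4 address
        if zone is None:
            unexpected.append(m.group(1))  # not private: does not fit the explanation
        else:
            zones.setdefault(zone, Counter())[m.group(1)] += 1
    return zones, unexpected


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```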


4 Responses to “What is prisoner.iana.org?”

  1. moi

    My systems run on the address range of 192.168.XXX.XXX. If someone at prisoner.iana.org is not a hacker and there’s nothing wrong with my machines, can someone enlighten me as to why I keep seeing the address of 169.254.145.137 that resolves to prisoner.iana.org? Not only does it “look” suspicious, but I have seen this automatically change my IP address when I have used the DHCP server in my router. Not to mention that all of my online accounts have been hacked, as well as my systems, by this address. So as far as I am concerned there is a hacker at the end of this address with prisoner.iana.org, no matter how it’s denied! Here’s some food for thought: whoever it is at the end of that address needs to get a life before he/she finds themselves locked up in a federal prison.

  2. Chris

    If your local IP address is returned as 169.254.xxx.xxx with a subnet mask of 255.255.0.0, the IP address was assigned by the Automatic Private IP Addressing (APIPA) feature of Windows XP Professional. This assignment means that TCP/IP is configured for automatic configuration, that no DHCP server was found, and that no alternative configuration is specified. This configuration has no default gateway for the interface.

    Looks to be that your DSL or Cable modem, or router isn’t functioning properly.

    It could also be that your IP configuration in Windows needs to be released/renewed or your router needs to be reset. If your accounts have been hacked, it is entirely possible the intruder has hijacked your router and disabled DHCP as well.

  3. Not Malicious

    @ MOI

    What do you mean “all of my on line accounts have been hacked and well as my systems. by this address.”

    Do you mean this IP address turned up in your logs (suggesting a coordinated sweep of your assets), or that someone maliciously hacked into your various accounts and the attack came from the ‘prisoner’ address?

    The second one seems unlikely. And the first one is not personal.

    http://en.wikipedia.org/wiki/Blackhole_server

  4. Jim

    If I receive spam from IP address 192.168.1.6 and it is from prisoner.iana.org, should I ban it on my server? I have cPanel and use “IP Deny Manager” and I’m not sure if this will block good e-mail as well. Any insight into this issue would be appreciated… Thank you!
