[as112-ops] Blocklist for AS112 servers?
Matthew Pounsett
matt at dns-oarc.net
Wed Jul 12 19:34:01 UTC 2023
> On Jul 12, 2023, at 12:06, Cox, Kenneth N via as112-ops <as112-ops at dns-oarc.net> wrote:
>
>
> From: "Cox, Kenneth N" <kenneth_n_cox at optum.com>
> Subject: Blocklist for AS112 servers?
> Date: July 12, 2023 at 12:06:22 EDT
> To: "as112-ops at lists.dns-oarc.net" <as112-ops at lists.dns-oarc.net>
>
>
> My organization, Optum / UnitedHealthGroup, has been sending DNS
> traffic to the iana blackhole servers at 192.175.48.6 and
> 192.175.48.42- from the following ip addresses:
> 198.203.177.177
> 198.203.175.175
> 198.203.181.181 As of June 7 we stopped receiving replies from the blackhole servers.
> I am trying to diagnose whether this is a routing issue or whether we
> have been blocked for high traffic volume.
> Is there a blocklist for servers used by iana blackhole servers?
There's no general blocklist. And rather than you being blocked, it seems much more likely there's a configuration issue at which ever node is receiving your queries.
As the blackhole servers are anycasted across dozens of organizations, there's no easy central way to figure out where your queries are going. If you can trace to the name server addresses from the affected servers, that will help narrow down which organization/instance is actually receiving your queries. I usually suggest `mtr -wb <address>` to people, for that.
You can compare the host names of the last few hops, or look at whois for the IP addresses of those hops, to figure out what organization is at the end of the trace route, and compare that to the operator listing at <https://www.as112.net/ops-listing.html>.
If that doesn't pan out, it's possible someone on this list might recognize their own network in the trace.
Of course, you could solve the entire problem by configuring your name servers not to send queries to the blackhole servers, by answering for the RFC1918 address blocks themselves. The reason the AS112 "blackhole" servers are there are to collect queries that should never see the public Internet anyway.
Matt Pounsett
DNS-OARC Systems Engineering
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.dns-oarc.net/mailman/private/as112-ops/attachments/20230712/64e36d23/attachment.sig>
More information about the as112-ops
mailing list