[dns-operations] Blackhole IANA question

Phil Regnauld regnauld at nsrc.org
Thu Aug 5 13:24:23 UTC 2010


Alberto García Moyano (alberto.garciamoyano) writes:
> 
> we are sending inverse queries to these blackhole servers:
> 
> "blackhole-1.iana.org" and "blackhole-2.iana.org",
> 
> The inverse queries are asking for private addresses, this traffic is
> normal in our network so there is not any abuse. My problem is that i
> cant get any response from these servers and the normal operation for
> these queries is (from the web http://www.iana.org/abuse/faq.html):

	Hi Alberto,

> I have also tried to do a query from my PC in my home, and i didnt get
> response.
> 
> > 10.208.1.1
> Servidor:  [195.175.48.42]
> Address:  195.175.48.42
> 
> DNS request timed out.
>     timeout was 2 seconds.
> *** La petición a [195.175.48.42] a caducado

	You shouldn't be getting a timeout.  What you should be getting
	is NXDOMAIN from the blackhole servers, for anything in the RFC1918
	ranges.  Please use dig or host instead of nslookup, as nslookup
	makes a number of assumptions about your environment, and doesn't
	provide detailed output.

	A dig from here:

$ dig @blackhole-1.iana.org -x 192.168.1.1

[...]

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15475
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

[...]

;; AUTHORITY SECTION:
168.192.in-addr.arpa.	300	IN	SOA	prisoner.iana.org. hostmaster.root-servers.org. 2008072202 21600 3600 1209600 86400

[...]
;; SERVER: 192.175.48.6#53(192.175.48.6)
;; WHEN: Thu Aug  5 15:15:43 2010
;; MSG SIZE  rcvd: 119


> Can you tell me if there is any problem with your blackhole servers ? The
> problem is mine?

	What does traceroute do these servers show ?

Cheers,
Phil



More information about the dns-operations mailing list