[dns-operations] Blackhole IANA question
Frank Habicht
geier at geier.ne.tz
Thu Aug 5 13:34:08 UTC 2010
Hi,
On 8/5/2010 4:24 PM, Phil Regnauld wrote:
> You shouldn't be getting a timeout. What you should be getting
> is NXDOMAIN from the blackhole servers, for anything in the RFC1918
> ranges. Please use dig or host instead of nslookup, as nslookup
> makes a number of assumptions about your environment, and doesn't
> provide detailed output.
>
>
>
>> > Can you tell me if there is any problem with your blackhole servers ? The
>> > problem is mine?
> What does traceroute do these servers show ?
plus:
you shouldn't be sending out these queries in the first place.
those dns servers outside can not possibly tell you anything useful
about your internal private ip addresses. that's why they will (should)
answer NXDOMAIN.
you can look at fixing connectivity with your nearest AS112. Well, you
_should_ because there's an issue somewhere.
But you can also stop sending these queries out - have your resolvers
serve these zones directly without asking outsiders.
3 relevant documents are to become RFCs "soon".
Frank
More information about the dns-operations
mailing list