[dns-operations] Blackhole IANA question
Phil Regnauld
regnauld at nsrc.org
Thu Aug 5 13:42:00 UTC 2010
Frank Habicht (geier) writes:
>
> plus:
> you shouldn't be sending out these queries in the first place.
> those dns servers outside can not possibly tell you anything useful
> about your internal private ip addresses. that's why they will (should)
> answer NXDOMAIN.
>
> you can look at fixing connectivity with your nearest AS112. Well, you
> _should_ because there's an issue somewhere.
> But you can also stop sending these queries out - have your resolvers
> serve these zones directly without asking outsiders.
> 3 relevant documents are to become RFCs "soon".
That was my next question, but wanted to lead the requestor to
first check connectivity ;)
AS112 is a very good idea. At the very least, implement these dummy zones
in your resolver:
10.in-addr.arpa
16.172.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
168.192.in-addr.arpa
Cheers,
Phil
More information about the dns-operations
mailing list