[dns-operations] PTR records, and IANA blackhole
freaknetboy at yahoo.com
Fri Nov 16 20:37:54 UTC 2012
I can say that we noticed, about a year ago, some type of blackhole-like behavior.
We discovered an issue where some of our recursive servers (oddly limited to servers in Eastern US) would get a timeout (i.e., ;; connection timed out; no servers could be reached) from RFC1918 PTR requests instead of the normal NXDOMAIN response.
Instead of trying to find out who/what/why/where our queries were being dropped, we figured the better thing to do is to stop the DNS pollution from leaving our network in the first place. So, that became our plan of action.
Ironically, within days after we customized our servers for handling RFC1918, a new BIND version came out with the "empty-zones-enable yes;" option which accomplished the same thing, but better.
That timing was strange.
What is more strange than that?
I was able to verify we were still being blackholed when I started to compose this email.
When I run some additional testing now, it seems we are no longer seeing the blackhole-like behavior.
Perhaps your inquiry put some fix magic in motion, or I should buy a lotto ticket (?). Perhaps both.
> From: "Roosenraad, Chris" <chris.roosenraad at twcable.com>
>To: DNS Operations List <dns-operations at lists.dns-oarc.net>
>Sent: Friday, November 16, 2012 2:47 PM
>Subject: [dns-operations] PTR records, and IANA blackhole
>Anyone else seeing timeouts from blackhole-1.iana.org and
>Chris R. Roosenraad
>Architecture, Development & Engineering
>13820 Sunrise Valley Drive
>Herndon, VA 20171
>+1 (703) 345 3438
>chris.roosenraad at twcable.com
>This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>dns-jobs mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations