[dns-operations] Looking for a public blackhole/sinkhole IP address
Robert Edmonds
edmonds at mycre.ws
Thu Nov 27 17:11:35 UTC 2014
Mark Andrews wrote:
> I would say CNAME/DNAME with a week long ttl to one of the non RFC
> 1918 or ULA default local zones but IANA has been tardy about getting
> the insecure delegations in place to break the DNSSEC chains of
> trust. That way default local zone aware recursive servers would
> answer negatively to the querier and you have a long lived cached
> record to slow the rate of queries from the recursive servers.
>
> e.g. 0.in-addr.arpa.
Not all default local zone aware recursive servers behave this way.
Unbound in particular does not search its local zones when looking up
CNAME/DNAME targets.
--
Robert Edmonds