[dns-operations] Looking for a public blackhole/sinkhole IP address

Robert Edmonds edmonds at mycre.ws
Thu Nov 27 17:11:35 UTC 2014

Mark Andrews wrote:
> I would say CNAME/DNAME with a week long ttl to one of the non RFC
> 1918 or ULA default local zones but IANA has been tardy about getting
> the insecure delegations in place to break the DNSSEC chains of
> trust.  That way default local zone aware recursive servers would
> answer negatively to the querier and you have a long lived cached
> record to slow the rate of queries from the recursive servers.
> e.g. 0.in-addr.arpa.

Not all default local zone aware recursive servers behave this way.
Unbound in particular does not search its local zones when looking up
CNAME/DNAME targets.

Robert Edmonds

More information about the dns-operations mailing list