[dns-operations] Looking for a public blackhole/sinkhole IP address

Mark Andrews marka at isc.org
Thu Nov 27 21:45:41 UTC 2014

In message <20141127171135.GA30444 at mycre.ws>, Robert Edmonds writes:
> Mark Andrews wrote:
> > I would say CNAME/DNAME with a week long ttl to one of the non RFC
> > 1918 or ULA default local zones but IANA has been tardy about getting
> > the insecure delegations in place to break the DNSSEC chains of
> > trust.  That way default local zone aware recursive servers would
> > answer negatively to the querier and you have a long lived cached
> > record to slow the rate of queries from the recursive servers.
> > 
> > e.g. 0.in-addr.arpa.
> Not all default local zone aware recursive servers behave this way.
> Unbound in particular does not search its local zones when looking up
> CNAME/DNAME targets.

Then it is not RFC 103[45] compliant.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list