[dns-operations] Looking for a public blackhole/sinkhole IP address
Mark Andrews
marka at isc.org
Thu Nov 27 21:45:41 UTC 2014
In message <20141127171135.GA30444 at mycre.ws>, Robert Edmonds writes:
> Mark Andrews wrote:
> > I would say CNAME/DNAME with a week long ttl to one of the non RFC
> > 1918 or ULA default local zones but IANA has been tardy about getting
> > the insecure delegations in place to break the DNSSEC chains of
> > trust. That way default local zone aware recursive servers would
> > answer negatively to the querier and you have a long lived cached
> > record to slow the rate of queries from the recursive servers.
> >
> > e.g. 0.in-addr.arpa.
>
> Not all default local zone aware recursive servers behave this way.
> Unbound in particular does not search its local zones when looking up
> CNAME/DNAME targets.
Then it is not RFC 103[45] compliant.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list