<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Hello Chris,</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>I can say that we noticed, about a year ago, some type of blackhole-like behavior.<br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span><br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>We discovered an issue where some of
our recursive servers (oddly limited to servers in Eastern US) would get a timeout (i.e., ;; connection timed out; no servers could be reached) from RFC1918 PTR requests instead of the normal NXDOMAIN response.<br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>Instead of trying to find out who/what/why/where our queries were being dropped, we figured the better thing to do is to stop the DNS pollution from leaving our network in the first place. So, that became our plan of action.<br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style:
normal;"><span><br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>Ironically, within days after we customized our servers for handling RFC1918, a new BIND version came out with the "empty-zones-enable yes;" option which accomplished the same thing, but better.<br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">That timing was strange.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">What is more strange than that?</div><div style="color: rgb(0, 0,
0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I was able to verify we were still being blackholed when I started to compose this email.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">When I run some additional testing now, it seems we are no longer seeing the blackhole-like behavior.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Perhaps
your inquiry put some fix magic in motion, or I should buy a lotto ticket (?). Perhaps both.<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span></span></div><div><br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr
size="1"> <b><span style="font-weight:bold;">From:</span></b> "Roosenraad, Chris" <chris.roosenraad@twcable.com><br> <b><span style="font-weight: bold;">To:</span></b> DNS Operations List <dns-operations@lists.dns-oarc.net> <br> <b><span style="font-weight: bold;">Sent:</span></b> Friday, November 16, 2012 2:47 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> [dns-operations] PTR records, and IANA blackhole<br> </font> </div> <br>
All,<br><br>Anyone else seeing timeouts from <a target="_blank" href="http://blackhole-1.iana.org/">blackhole-1.iana.org</a> and<br><a target="_blank" href="http://blackhole-2.iana.org/">blackhole-2.iana.org</a>?<br><br>--<br>Chris R. Roosenraad<br>Director, Systems/Applications<br>Architecture, Development & Engineering<br>13820 Sunrise Valley Drive<br>Herndon, VA 20171<br>+1 (703) 345 3438<br><a ymailto="mailto:chris.roosenraad@twcable.com" href="mailto:chris.roosenraad@twcable.com">chris.roosenraad@twcable.com</a><br><br><br>This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken
in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.<br>_______________________________________________<br>dns-operations mailing list<br><a ymailto="mailto:dns-operations@lists.dns-oarc.net" href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br><a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>dns-jobs mailing list<br><a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br><br><br> </div> </div> </blockquote></div> </div></body></html>