IANA Blackhole Servers Ill?

Doug Barton dougb at dougbarton.net
Fri Oct 21 22:05:18 UTC 2005


Crist Clark wrote:
> 
> We got some very weird complaints about applications "hanging." Tracked
> it down to reverse lookups timing out. Reverse lookups to RFC1918 space.
> Looks like the IANA blackhole servers for RFC1918 are not well?

From my location (Comcast cable modem in LA) I can see the IANA servers, and
they are answering queries.

> (Of course, the fix is to claim authority for the RFC1918 space you are
> using in your own DNS servers.)

It's arguably a good idea for resolving name servers to be authoritative for
all the 1918 space, as well as the zones recommended in RFC 1912
(ftp://ftp.rfc-editor.org/in-notes/rfc1912.txt). You can set up an empty
zone file (just SOA and NS), and do something like this:

zone "10.in-addr.arpa"          { type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "17.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "18.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "19.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "20.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "21.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "22.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "23.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "24.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "25.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "26.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "27.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "28.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "29.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "30.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "31.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa"     { type master; file "master/empty.db"; };

Any more specific zones that you add for space that you're actually using
will be effective for those blocks instead of the more generic definitions
(at least in modern versions of BIND).

hth,

Doug
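
Added example (not part of the original message, and not code from BIND or its authors): a Python sketch that derives the octet-aligned in-addr.arpa zones for the three RFC 1918 blocks, renders the matching named.conf stanzas and an SOA/NS-only zone file, and models the "most specific zone wins" selection described in the message. The SOA/NS host names and timer values are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def reverse_zones(cidr):
    """Octet-aligned in-addr.arpa zones that together cover an IPv4 block."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 8 <= net.prefixlen <= 24:
        raise ValueError("expected an IPv4 prefix between /8 and /24")
    # Reverse delegation follows octet boundaries, so round /12 up to /16.
    octet_len = -(-net.prefixlen // 8) * 8
    zones = []
    for sub in net.subnets(new_prefix=octet_len):
        labels = str(sub.network_address).split(".")[: octet_len // 8]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def named_conf(zones, zone_file="master/empty.db"):
    """One master-zone stanza per zone, all sharing the same empty file."""
    return "\n".join(
        f'zone "{z}" {{ type master; file "{zone_file}"; }};' for z in zones)

def empty_zone_db(mname="ns.example.invalid.",
                  rname="hostmaster.example.invalid."):
    """SOA and NS only; names and timers are constructed placeholders."""
    return (f"$TTL 10800\n"
            f"@ IN SOA {mname} {rname} ( 1 3600 900 604800 10800 )\n"
            f"@ IN NS  {mname}\n")

def answering_zone(ip, zones):
    """Configured zone with the longest suffix match for the PTR name."""
    qname = ipaddress.ip_address(ip).reverse_pointer
    hits = [z for z in zones if qname == z or qname.endswith("." + z)]
    return max(hits, key=lambda z: z.count("."), default=None)

def all_rfc1918_zones():
    return [z for cidr in RFC1918 for z in reverse_zones(cidr)]

if __name__ == "__main__":
    zones = all_rfc1918_zones()
    print(named_conf(zones))
    print(empty_zone_db())
    # Constructed case: a site also serves real PTR data for 10.1.0.0/16.
    site = zones + ["1.10.in-addr.arpa"]
    for ip in ("10.1.2.5", "10.9.2.5", "172.20.0.1", "172.32.0.1"):
        print(ip, "->", answering_zone(ip, site))
```

Addresses outside the configured zones, such as 172.32.0.1, return None here, which corresponds to a query the resolver would still send upstream.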


