Problem with IANA blackhole servers
Sebastian Wiesinger
nanog at tracker.fire-world.de
Tue Mar 28 19:13:51 UTC 2006
Hello,
I'm having a problem with the IANA blackhole DNS-Servers resolving
RFC1918 IPs.
Normally I'm getting a NXDOMAIN reply and this is reported back to the
client.
With one resolver we're getting SERVFAIL for every query instead
of NXDOMAIN.
Example:
Resolver 1 (working):
# dig @192.175.48.42 1.1.168.192.in-addr.arpa PTR
; <<>> DiG 9.2.1 <<>> @192.175.48.42 1.1.168.192.in-addr.arpa PTR
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50669
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;1.1.168.192.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
168.192.in-addr.arpa. 300 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 2004051800 1800 900 604800 300
;; Query time: 11 msec
;; SERVER: 192.175.48.42#53(192.175.48.42)
;; WHEN: Tue Mar 28 13:29:57 2006
;; MSG SIZE rcvd: 119
Resolver 2 (failing):
# dig @192.175.48.42 1.1.168.192.in-addr.arpa PTR
; <<>> DiG 9.2.1 <<>> @192.175.48.42 1.1.168.192.in-addr.arpa PTR
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62187
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;1.1.168.192.in-addr.arpa. IN PTR
;; Query time: 16 msec
;; SERVER: 192.175.48.42#53(192.175.48.42)
;; WHEN: Tue Mar 28 13:21:02 2006
;; MSG SIZE rcvd: 42
So every request to resolve RFC1918 IPs with resolver #2 times out and
takes a long time to finish.
I think the reason is one of the anycast servers acting abnormal. A
trace from resolver 2 points to p80.net as provider:
[..]
4 ge0-0-pr1.AMS.router.colt.net (212.74.66.146) 14.100 ms 14.122 ms 14.096 ms
5 cr1.nl.p80.net (195.69.145.52) 14.839 ms 14.731 ms 14.123 ms
6 blackhole-2.iana.org (192.175.48.42) 14.703 ms 15.020 ms 14.861 ms
Perhaps someone on this list has a shortcut to get the server back to
normal again?
Regards,
Sebastian
--
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
Wehret den Anfaengen: http://odem.org/informationsfreiheit/
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
More information about the NANOG
mailing list