Problem with IANA blackhole servers

Joseph S D Yao jsdy at
Tue Mar 28 21:04:59 UTC 2006

On Tue, Mar 28, 2006 at 09:34:59PM +0200, Sebastian Wiesinger wrote:
> The resolver is used by customers who sometimes leak RFC1918 requests
> to our resolver. I already told them to resolve that network
> internally, but still the IANA server is not working correctly IMHO.
> I'm also thinking about routing the blackhole /24 to one of our
> DNS-Servers to resolve all of the RFC1918 space locally, but that will
> take a little bit more time.

Just add zones,, and
{16-31} to ALL of your resolving name servers, pointing
to a file that only has NS and SOA records.

Or a "* IN PTR not-a-working-address." record.  ;-)

Or if you want to preserve the purity of separation of your resolvers
and authoritative name servers, do the above on one or more of your
authoritative name servers, and make them "forward only" zones on your
resolvers, pointing them to the authoritative name servers that have
been so favoured.

It takes less time than reading this mailing list!  ;-)

[I have carefully removed you from the "to" list.]

Joe Yao
   This message is not an official statement of OSIS Center policies.

More information about the NANOG mailing list