North American Network Operators Group

Re: Problem with IANA blackhole servers

  • From: Joseph S D Yao
  • Date: Tue Mar 28 16:06:12 2006

On Tue, Mar 28, 2006 at 09:34:59PM +0200, Sebastian Wiesinger wrote:
...
> The resolver is used by customers who sometimes leak RFC1918 requests
> to our resolver. I already told them to resolve that network
> internally, but still the IANA server is not working correctly IMHO.
> 
> I'm also thinking about routing the blackhole /24 to one of our
> DNS-Servers to resolve all of the RFC1918 space locally, but that will
> take a little bit more time.
...

Just add zones 10.in-addr.arpa, 168.192.in-addr.arpa, and
{16-31}.172.in-addr.arpa to ALL of your resolving name servers, pointing
to a file that only has NS and SOA records.

Or a "* IN PTR not-a-working-address." record.  ;-)

Or if you want to preserve the purity of separation of your resolvers
and authoritative name servers, do the above on one or more of your
authoritative name servers, and make them "forward only" zones on your
resolvers, pointing them to the authoritative name servers that have
been so favoured.

It takes less time than reading this mailing list!  ;-)

[I have carefully removed you from the "to" list.]

-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
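
The zone list described in the message above, expanded and checked, as an added example that is not part of the original post. It assumes BIND-style `named.conf` syntax; the zone file path, the `localhost.` names and the SOA timer values are placeholders.

```python
import ipaddress

# The three RFC 1918 blocks whose reverse lookups should be answered locally.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Zone file with only SOA and NS records. The localhost names and timer
# values are assumptions; substitute your own server and contact.
EMPTY_ZONE = """\
$TTL 86400
@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 86400 )
@ IN NS  localhost.
"""

def reverse_zones():
    """Expand each block into in-addr.arpa zones on octet boundaries."""
    zones = []
    for block in RFC1918:
        net = ipaddress.ip_network(block)
        # Round the prefix up to a whole octet: the /12 becomes sixteen /16 zones.
        octets = -(-net.prefixlen // 8)
        for sub in net.subnets(new_prefix=octets * 8):
            labels = str(sub.network_address).split(".")[:octets]
            zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def named_conf(zone_file="/etc/bind/db.rfc1918-empty"):  # hypothetical path
    """One zone stanza per reverse zone, all sharing the same empty zone file."""
    return "".join(
        'zone "%s" { type master; file "%s"; };\n' % (zone, zone_file)
        for zone in reverse_zones()
    )

def local_zone_for(addr):
    """Return the local zone that would answer the PTR query for addr, or None."""
    qname = ipaddress.ip_address(addr).reverse_pointer
    for zone in reverse_zones():
        if qname.endswith("." + zone):
            return zone
    return None  # not RFC 1918: the query would leave the resolver as usual

if __name__ == "__main__":
    print(named_conf(), end="")
    print(EMPTY_ZONE, end="")
    # Constructed probe addresses, one of them just outside 172.16/12.
    for probe in ("10.1.2.3", "172.20.1.5", "172.32.0.1", "192.168.0.9"):
        print("#", probe, "->", local_zone_for(probe))
```

Because the zone file holds no PTR records, a resolver loaded with these stanzas answers private-address reverse queries itself with NXDOMAIN instead of sending them upstream.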