:: > # dig -x 10.0.0.100 @blackhole-1.iana.org
:: Traceroute? :)
::

traceroute to blackhole-1.iana.org (192.175.48.6), 64 hops max, 40 byte packets
 1  gateway.ecucenter.org (193.73.242.101)  0.204 ms  0.204 ms  0.159 ms
 2  213.173.181.181 (213.173.181.181)  0.843 ms  1.057 ms  0.757 ms
 3  te0-1-0-0-pr2.ZRH.router.colt.net (212.74.87.3)  7.114 ms  7.611 ms  6.554 ms
 4  blackhole-1.iana.org (192.175.48.6)  4.916 ms  4.643 ms  5.305 ms

I tried the COLT[0] looking glass; it gives me (Zurich): Paths: (6 available, best #5), but only the first 2 paths are printed.
I know that this is kind of bad practice, as any localnet should not leak with DNS requests, but this happened on some mail gateway appliances that directly use root nameservers and then use them globally without caring for localnets (PTR resolution).
As a workaround I will use local nameservers that correctly reply for such requests.
But still I'd like to understand what happens. We got notified last Friday afternoon of a sudden stop of these responses.
I know this seems to have happened at the same time as the Dyn DDoS. AFAIK root nameservers were not victims of the attack.
BTW I still get increased servfail traffic since Friday, and those are PTR requests (not localnet).
Thanks for your answers.
[0] https://portal.colt.net/lg/