Hi Julien
Yes, we are experiencing the same issues recently with ptr-requests forwarded to the iana blackhole nameservers.
# dig -x 10.0.0.100 @blackhole-1.iana.org ;; global options: +cmd ;; connection timed out; no servers could be reached
We now configured our nameservers to respond to those requests immediately without sending the queries to internet servers, which they shouldn't do anyway for RFC1918 IPs [1][2]
Regards, Christian
[1] https://deepthought.isc.org/article/AA-00800/0 [2] https://www.iana.org/help/abuse-answers -> Information about "Blackhole" Servers
2016-10-27 16:13 GMT+02:00 maj@mbuf.net:
Hi, are there some people experiencing issues on some AS when using iana blackhole nameservers for localnets?
I usually meet this response for instance: dig 172.16.1.1 @blackhole-1.iana.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;172.16.1.1. IN A
;; Query time: 46 msec ;; SERVER: 192.175.48.6#53(192.175.48.6) ;; WHEN: Thu Oct 27 16:
But I don't get any reply packet on AS8220 (COLT). dig 172.16.1.1 @blackhole-1.iana.org ;; global options: +cmd ;; connection timed out; no servers could be reached
thank you.
-- |_|0|_| julien mabillard |_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 8284 EF08 |0|0|0|
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog