blackhole.isi.edu and blackhole.ep.net
John W. Blue
jblue at arocinc.com
Tue Apr 17 18:32:54 UTC 2001
My nameservers have been having this ongoing conversation with
blackhole.isi.edu and blackhole.ep.net. After digging around isc.org's
archives a little, and with some help ... Bill Manning's comments on RFC
1918 came into focus.
A snip from tcpdump ...
10:00:59.005821 ns1.allianceresources.com.1039 > blackhole.isi.edu.domain: 4149 (42) (ttl 64, id 62598)
10:01:37.629468 ns1.allianceresources.com.1039 > blackhole.isi.edu.domain: 65391 (44) (ttl 64, id 62690)
10:01:57.626822 ns1.allianceresources.com.1039 > blackhole.isi.edu.domain: 1449 (46) (ttl 64, id 62710)
10:03:17.997817 ns1.allianceresources.com.1039 > blackhole.ep.net.domain: 15427 (45) (ttl 64, id 62832)
10:04:39.822077 ns1.allianceresources.com.1039 > blackhole.ep.net.domain: 47271 (45) (ttl 64, id 62885)
10:06:56.621324 ns1.allianceresources.com.1039 > blackhole.isi.edu.domain: 32406 (45) (ttl 64, id 63106)
What I surmise is that there is someone asking ns1 to resolve a private ip, and
since ns1 knows nothing about this reverse zone .. it turns to ask the
servers that are .. all-la peanut-butter jelly sandwiches ... the request
goes to the bit bucket. I'm asking for affirmation here, does that sound
right? <grin>
If this is correct, a simple populated zone file and a HUP will knock this
out. However, when I inspected my other nameservers that do *not* front
private address space ... the same queries are being made ... hrmmm .. now
I'm stumped.
Am I missing something??
TIA
John Blue
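
Added example, not part of the original post: a Python check that takes PTR query names seen by a resolver and reports which RFC 1918 reverse zones would have to be served locally to keep those lookups off the public delegation. The query names are constructed (the tcpdump excerpt above shows only query IDs and lengths), the function names are hypothetical, and one zone per /8 or /16 is an assumed granularity.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ptr_name_to_ip(qname):
    """Return the IPv4 address encoded in a full PTR name, or None."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:  # non-numeric or out-of-range octet
        return None


def local_zone_for(ip):
    """Reverse zone to serve locally for a private address, else None."""
    for net in RFC1918:
        if ip in net:
            octets = str(ip).split(".")
            # Assumption: 10/8 is one zone; the other blocks use /16 zones.
            keep = 1 if net.prefixlen == 8 else 2
            return ".".join(reversed(octets[:keep])) + ".in-addr.arpa"
    return None


def leaking_zones(qnames):
    """Count private-address PTR lookups per reverse zone."""
    zones = {}
    for qname in qnames:
        ip = ptr_name_to_ip(qname)
        zone = local_zone_for(ip) if ip is not None else None
        if zone:
            zones[zone] = zones.get(zone, 0) + 1
    return zones


# Constructed sample of query names, e.g. taken from a resolver's query log.
SAMPLE = [
    "4.3.2.10.in-addr.arpa.",
    "9.9.9.10.in-addr.arpa",
    "7.1.20.172.in-addr.arpa",
    "5.0.168.192.in-addr.arpa",
    "1.0.32.172.in-addr.arpa",   # 172.32.0.1 is outside 172.16/12
    "www.example.com",
]

if __name__ == "__main__":
    for zone, count in sorted(leaking_zones(SAMPLE).items()):
        print(f"{zone}: {count} private PTR lookup(s)")
```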
More information about the bind-users
mailing list