Reverse lookups on local IPs

Bill Manning bmanning at ISI.EDU
Fri Aug 17 15:26:49 UTC 2001


% >Am I just talking trash or was it really set up by whoever controls those
% >IPs (ICANN or whoever). Why don't they set it up again?
% 
% The machines that the RFC 1918 addresses have their reverse DNS delegated
% to (blackhole.isi.edu and blackhole.ep.net) used to actually exist and
% respond, although I believe the zone files were empty.  This would permit
% you to get a rapid NXDOMAIN error, rather than a timeout.  I suspect they
% took them down because they were getting hammered by many queries, and/or
% they decided it would be better if folks found out that they didn't have
% their private reverse DNS configured properly by making them suffer through
% the timeouts.
% 
% When blackhole.isi.edu went away, we configured our caching nameservers
% with empty zones for all the RFC 1918 blocks.  If you were getting actual
% hostnames for this reverse DNS, either you had the reverse domains
% installed on your internal servers and you filled it in with your local
% machine names, or your ISP created reverse domains and filled them in with
% dummy entries.

	They have not gone away but they are -VERY- busy.
	Peak rate was just over 120,000 qps during the last
	SIRCam event.  

	The zone files have been empty for some time.  We did 
	try the experiment, providing an authoritative answer,
	but that proved to be "problematic" since many corporate
	environments use RFC 1918 space for their NM platforms.
	It was disconcerting to know how many corporate and
	ISP network management systems collapsed to a single
	node "This-is-PRIVATE-netspace-NOT-to-be-used-in-the-Internet"
	when we did provide an authoritative answer. So we
	went back to the NXDOMAIN solution.

-- 
--bill
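
The empty-zone setup described in the quoted reply above (local empty zones for every RFC 1918 block, so private reverse lookups get a fast NXDOMAIN and never reach the blackhole servers), sketched as an added example that is not part of the original thread. The file name `db.empty` and the `localhost.` SOA/NS names are assumptions; the zone-name calculation works for any IPv4 block of /24 or shorter, not only the three RFC 1918 ones.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918_BLOCKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Assumed file name for the shared empty zone file (hypothetical).
ZONE_FILE = "db.empty"

# A zone holding only SOA and NS records: any PTR query under it is
# answered locally with NXDOMAIN. The localhost. names are assumptions.
EMPTY_ZONE = """$TTL 1d
@ IN SOA localhost. root.localhost. ( 1 1d 1h 1w 1d )
@ IN NS  localhost.
"""

def reverse_zones(cidr):
    """Return the in-addr.arpa zones that exactly cover an IPv4 block."""
    net = ipaddress.IPv4Network(cidr)
    if net.prefixlen > 24:
        raise ValueError("blocks longer than /24 need classless delegation")
    # Reverse zones are cut on octet boundaries: round the prefix up
    # to /8, /16 or /24 and emit one zone per resulting subnet.
    octets = max(1, -(-net.prefixlen // 8))
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def all_zones():
    """Every reverse zone needed to cover the RFC 1918 blocks."""
    return [z for block in RFC1918_BLOCKS for z in reverse_zones(block)]

def named_conf():
    """named.conf zone statements, one per reverse zone."""
    stanza = 'zone "{}" {{ type master; file "{}"; }};'
    return "\n".join(stanza.format(z, ZONE_FILE) for z in all_zones())

if __name__ == "__main__":
    print(named_conf())
    print("\n; contents of " + ZONE_FILE)
    print(EMPTY_ZONE)
```

172.16.0.0/12 does not fall on an octet boundary, so it expands into sixteen zones (16.172.in-addr.arpa through 31.172.in-addr.arpa), giving eighteen zone statements in total.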


More information about the bind-users mailing list