trouble resolving specific zones
Brad Knowles
brad.knowles at skynet.be
Fri May 18 11:42:26 UTC 2001
At 4:27 AM +0000 5/18/01, Kelsey Cummings wrote:
> Brad - Could having:
>
> acl bogusnets {
> 0.0.0.0/8;
> 1.0.0.0/8;
> 2.0.0.0/8;
> 192.0.2.0/24;
> 224.0.0.0/3;
> 10.0.0.0/8;
> 172.16.0.0/12;
> 192.168.0.0/16;
> };
> blackhole { bogusnets; };
>
> as suggested in the bind docs, caused my servers not to resolve the
> toyota.com domain properly due to the fact that it listed NS records
> in the 10./8 netblock? Or does the blackhole directive only affect
> tcp/udp connections themselves?

It should only have affected your ability to send or receive
connections from those IP addresses themselves, but someone more
familiar with the code would have to confirm that. Jim?

> Is it really a good idea to use the 'bogusnets' acl like this?

I believe so, yes.

> Thanks Again! I can resolve the toyota.com zone now just fine perhaps
> because the toyota.com zone has been cleaned up.

Indeed. After discussing some things off-line with the domain
administrator for toyota.com, it looks like they've cleaned up quite
a few things, and I am pretty confident that they're working on the
rest.

They do still have one NS record pointing at an alias (which is
technically illegal), so they need to clean up their delegations with
NSI, but they may have already done that and the changes haven't yet
been propagated.

--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list
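
An added example, not part of the original message and not BIND code: a short Python audit that checks a zone's NS targets against the bogusnets ACL quoted in the thread and flags NS names that are aliases, the two delegation problems discussed above. The delegation records, names and the `audit_delegation` helper are constructed for illustration.

```python
import ipaddress

# The bogusnets ACL exactly as quoted in the message above.
BOGUSNETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "1.0.0.0/8", "2.0.0.0/8", "192.0.2.0/24",
    "224.0.0.0/3", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
)]

# Constructed sample delegation (hypothetical names and addresses).
SAMPLE_RECORDS = [
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "ns2.example.com."),
    ("example.com.", "NS", "ns3.example.com."),
    ("ns1.example.com.", "A", "198.51.100.10"),
    ("ns2.example.com.", "A", "10.1.2.3"),        # RFC 1918 address
    ("ns3.example.com.", "CNAME", "host.example.com."),
    ("host.example.com.", "A", "198.51.100.20"),
]

def matches_bogusnets(addr):
    """True if addr falls inside any network of the bogusnets ACL."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BOGUSNETS)

def audit_delegation(zone, records):
    """Return {ns_name: [problems]} for every NS target of zone."""
    addrs, aliases = {}, set()
    for owner, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(owner, []).append(rdata)
        elif rtype == "CNAME":
            aliases.add(owner)
    report = {}
    for owner, rtype, rdata in records:
        if owner != zone or rtype != "NS":
            continue
        problems = []
        if rdata in aliases:
            problems.append("NS target is an alias (CNAME)")
        for a in addrs.get(rdata, []):
            if matches_bogusnets(a):
                problems.append(f"address {a} matches bogusnets")
        report[rdata] = problems
    return report

if __name__ == "__main__":
    for ns, problems in audit_delegation("example.com.", SAMPLE_RECORDS).items():
        print(ns, "OK" if not problems else "; ".join(problems))
```
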