trouble resolving specific zones

[Brad Knowles]

At 4:27 AM +0000 5/18/01, Kelsey Cummings wrote:

>  Brad - Could having:
>
>  acl bogusnets {
>          0.0.0.0/8;
>          1.0.0.0/8;
>          2.0.0.0/8;
>          192.0.2.0/24;
>          224.0.0.0/3;
>          10.0.0.0/8;
>          172.16.0.0/12;
>          192.168.0.0/16;
>  };
>  blackhole { bogusnets; };
>
>  as suggested in the bind docs, caused my servers not to resolve the
>  toyota.com domain properly due to the fact that it listed NS records
>  in the 10./8 netblock?  Or does the blackhole directive only affect
>  tcp/udp connections themselves?

	It should only have affected your ability to send or receive 
connections from those IP addresses themselves, but someone more 
familiar with the code would have to confirm that.  Jim?

>  Is it really a good idea to use the 'bogusnets' acl like this?

	I believe so, yes.

>  Thanks Again!  I can resolve the toyota.com zone now just fine perhaps
>  because the toyota.com zone has been cleaned up.

	Indeed.  After discussing some things off-line with the domain 
administrator for toyota.com, it looks like they've cleaned up quite 
a few things, and I am pretty confident that they're working on the 
rest.

	They do still have one NS record pointing at an alias (which is 
technically illegal), so they need to clean up their delegations with 
NSI, but they may have already done that and the changes haven't yet 
been propagated.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'