blocking resolving for 10.X.X.X addresses

Paul Vixie vixie at
Sat Oct 26 06:28:12 UTC 2002

> > we have found customers trying to resolv 10.X.X.X addresses ( or any other
> > private addresses), i want to block these so they just get a "refused" or
> > hostname etc.. not found...
> Paul and friends have a project ( that is
> suppose to take care of this, and indeed is I do a "dig -x
>" I get NXDOMAIN, thats to the prisoner at IANA, and the
> answer will presumably be negatively cached.
> So what precisely is it about the current set up that has become
> an issue?  Or is there something else we should know?

only that the reason we put up AS112 was to keep these queries off of
the root servers, and even so 90% of the queries coming to the root
servers are crud.  sinking these queries locally is desirable.  if
you come to the public AS112 servers then it shows a local config
error.  a HOWTO on this subject would probably be well received.
Paul Vixie

More information about the bind-users mailing list