blocking resolving for 10.X.X.X addresses
vixie at as.vix.com
Sat Oct 26 06:28:12 UTC 2002
> > we have found customers trying to resolv 10.X.X.X addresses ( or any other
> > private addresses), i want to block these so they just get a "refused" or
> > hostname etc.. not found...
> Paul and friends have a project (http://as112.net/) that is
> suppose to take care of this, and indeed is I do a "dig -x
> 10.1.1.1" I get NXDOMAIN, thats to the prisoner at IANA, and the
> answer will presumably be negatively cached.
> So what precisely is it about the current set up that has become
> an issue? Or is there something else we should know?
only that the reason we put up AS112 was to keep these queries off of
the root servers, and even so 90% of the queries coming to the root
servers are crud. sinking these queries locally is desirable. if
you come to the public AS112 servers then it shows a local config
error. a HOWTO on this subject would probably be well received.
More information about the bind-users