blocking resolving for 10.X.X.X addresses
fosters at uk.psi.com
Mon Oct 28 12:54:02 UTC 2002
basically our customers have our resolver listed to resolve from, however
some obviously want to resolve private addresses locally, which is fair
enough, simple client change, however if for some reason the private
address isn't resolvable locally, then their request will hit our
resolvers, which are trying to doa lookup on the net before eventually
timing out...this can take up to 2 mins...i just basically want to either
dump these requests or give a null result back to the client from our
At 00:14 26/10/02 +0100, Simon Waters wrote:
>Steve Foster wrote:
>> we have found customers trying to resolv 10.X.X.X addresses ( or any other
>> private addresses), i want to block these so they just get a "refused" or
>> hostname etc.. not found...
>I think more background is required.
>Paul and friends have a project (http://as112.net/) that is
>suppose to take care of this, and indeed is I do a "dig -x
>10.1.1.1" I get NXDOMAIN, thats to the prisoner at IANA, and the
>answer will presumably be negatively cached.
>So what precisely is it about the current set up that has become
>Or is there something else we should know?
Senior Systems Administrator
Work: +44 (1223) 577322
Mobile: +44 (7720) 425911
More information about the bind-users