Blackholing / Load help

Dan Foster usenet at
Wed Nov 30 00:31:33 UTC 2005

In article <dmirft$1c7b$1 at>, Mark Andrews <Mark_Andrews at> wrote:
>> Also separately did anyone know that you cannot put a CIDR less than /9 in
>> the blackhole list?  If you do bind immediately throws SERVFAIL on any query
>> you try to make from any IP.
> 	I can't parse the above.  An example would help.

I think he's saying that if you specify, e.g.:

acl abusers {

options {
	blackhole { abusers; };

(Where you want to block any queries from IPv4 netblock resulting in such a behavior where *any* host querying the
nameserver, from *any* IP, is getting stopped by a SERVFAIL response.

But only if the ACL is for /8, /7, /6, ... /1.

That'd be an interesting issue if it holds true. I haven't personally
seen this one, but then again, I don't believe I currently blackhole on
anything larger than a /24 or so.

Mr. McLaughlin (the original poster), is this an accurate summary?

Also, Mr. McLaughlin, with what BIND version do you see this behavior, please?
