No query to root-nameserver for private ips

Barry Margolin barmar at alum.mit.edu
Fri Mar 17 06:22:47 UTC 2006


In article <dvcn7b$1h77$1 at sf1.isc.org>,
 Leopold Aichinger <tux at example.com> wrote:

> How can I make my dns "a root-nameserver" for the zone 10.in-addr.arpa 
> or for the zone 10.168.192.in-addr.arpa
> The iana has blackhole-server who do this job - how can I now configure
> my own blackhole-server for private net-addresses I don't use?

What you've done looks correct.

I think you're seeing misleading results because you're using the +trace 
option to dig.  It always works its way down from the root servers, 
because the purpose of that option is to show you the path through the 
DNS hierarchy.  So it doesn't show you what your local DNS would return.  
The @127.0.0.1 option is only used for the first query of the "." NS 
records -- take a look at all the "Received ### bytes from" lines that 
it prints, and you'll see that most of them are not from 127.0.0.1, 
they're from the real servers out on the Internet.

So try doing a dig without +trace and I think you should get the 
expected NXDOMAIN errors.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
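
The check described in the reply above (reading the "Received ### bytes from" lines of a +trace run), as an added example that is not part of the original message. The function names and the sample trace are constructed for illustration; the addresses come from documentation ranges and the server names are placeholders.

```shell
#!/bin/sh
# Report which server answered each step of a `dig +trace` run.
# $1 = the address passed to dig with @ (the local resolver); trace text on stdin.
trace_responders() {
    awk -v local_ip="$1" '
        # dig prints: ;; Received 120 bytes from 192.0.2.1#53(name) in 30 ms
        $1 == ";;" && $2 == "Received" && $5 == "from" {
            addr = $6
            sub(/#.*/, "", addr)      # drop the "#port(name)" suffix
            tag = (addr == local_ip) ? "LOCAL" : "REMOTE"
            print tag, addr
        }'
}

# Count the trace steps that were answered by something other than $1.
count_remote() {
    trace_responders "$1" | awk '$1 == "REMOTE" { n++ } END { print n + 0 }'
}

# Constructed sample of `dig @127.0.0.1 -x 10.1.2.3 +trace` output.
sample_trace() {
cat <<'EOF'
.                   518400 IN NS a.root-servers.example.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

in-addr.arpa.       172800 IN NS ns.in-addr.example.
;; Received 120 bytes from 192.0.2.1#53(a.root-servers.example) in 30 ms

10.in-addr.arpa.    86400 IN NS blackhole.example.
;; Received 110 bytes from 198.51.100.7#53(ns.in-addr.example) in 40 ms

10.in-addr.arpa.    10800 IN SOA blackhole.example. nobody.example. 1 3600 1200 604800 10800
;; Received 95 bytes from 203.0.113.9#53(blackhole.example) in 50 ms
EOF
}

# Only the first step (the "." NS lookup) is answered by the local server.
sample_trace | trace_responders 127.0.0.1
echo "steps answered by remote servers: $(sample_trace | count_remote 127.0.0.1)"
```

To test what the local server itself returns, run dig against it without +trace; on real +trace output, pipe it into trace_responders in place of sample_trace.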



More information about the bind-users mailing list