Queries to DNS Blackholes don't respond
rob0 at gmx.co.uk
Wed Apr 18 14:53:35 UTC 2018
On Wed, Apr 18, 2018 at 11:44:27AM -0300, Roberto Carna wrote:
> Dear, I have implemented a BIND9 server. It works OK, but some days
> ago an application failed because it needed to resolve the reverse of
> some IP addresses from range 10.x.x.x, and they waited for a long time
> and failed, because they need a NXDOMAIN fast response.
> I don't want to make a local zone 10.IN-ADDR.ARPA,
You don't need to. See the "built-in empty zones" section of the
BIND 9 ARM, chapter 6.
> because I want to
> use the two public nameservers from Internet:
> BLACKHOLE-1.IANA.ORG (18.104.22.168)
> BLACKHOLE-2.IANA.ORG (22.214.171.124)
What?? Why? Those are not supposed to be used. BIND now includes
empty zones for all RFC 1918 and other reserved netblocks which
shouldn't ever appear on the open Internet.
If you use some of these networks inside your organization, you can
have authoritative zones for the corresponding in-addr.arpa zones.
> Is it OK that I do? Are blackhole servers useful for this purpose?
Not at all. That's why we have the automatic empty zones. Sadly,
many distributors are not aware of the feature, so they distribute
named.conf with kludges.
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
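
Added illustration, not part of the original message or of any BIND distribution: a named.conf sketch of the two cases the reply describes, the built-in empty zones and an authoritative reverse zone for a network that is in use. The file path and the choice of 10.in-addr.arpa as the in-use network are assumptions.

```conf
// Added example; paths and zone contents are assumptions.
options {
    recursion yes;

    // Built-in empty zones answer reverse lookups for RFC 1918 and other
    // reserved netblocks locally with an immediate NXDOMAIN, so the
    // queries never leave the resolver. "yes" is the default; it is
    // written out here only to make the setting visible.
    empty-zones-enable yes;

    // To drop a single built-in empty zone (for example because queries
    // for it must be forwarded elsewhere), name it explicitly:
    // disable-empty-zone "10.in-addr.arpa";
};

// Only when 10.0.0.0/8 is really used inside the organization:
// an authoritative zone with real PTR records. A zone configured here
// is used instead of the built-in empty zone of the same name.
zone "10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.10";   // assumed path to the PTR zone file
};
```

Run `named-checkconf` on the file before reloading named.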