Queries to DNS Blackholes don't respond
robertocarna36 at gmail.com
Wed Apr 18 15:30:33 UTC 2018
Dear people, I know the best way is to make in-addr.arpa local zones in my BIND.
But also I think the BLACKHOLE SERVERS can be used, because they were
created for this reason: to respond to RFC 1918 network queries.
So why don't the BLACKHOLE servers respond anymore? Just one time I
could get a response from them.
2018-04-18 11:53 GMT-03:00 /dev/rob0 <rob0 at gmx.co.uk>:
> On Wed, Apr 18, 2018 at 11:44:27AM -0300, Roberto Carna wrote:
>> Dear, I have implemented a BIND9 server. It works OK, but some days
>> ago an application failed because it needed to resolve the reverse of
>> some IP addresses from range 10.x.x.x, and they waited for a long time
>> and failed, because they need a NXDOMAIN fast response.
>> I don't want to make a local zone 10.IN-ADDR.ARPA,
> You don't need to. See the "built-in empty zones" section of the
> BIND 9 ARM, chapter 6.
>> because I want to
>> use the two public nameservers from Internet:
>> BLACKHOLE-1.IANA.ORG (220.127.116.11)
>> BLACKHOLE-2.IANA.ORG (18.104.22.168)
> What?? Why? Those are not supposed to be used. BIND now includes
> empty zones for all RFC 1918 and other reserved netblocks which
> shouldn't ever appear on the open Internet.
> If you use some of these networks inside your organization, you can
> have authoritative zones for the corresponding in-addr.arpa zones.
>> Is it OK that I do? Are blackhole servers useful for this purpose?
> Not at all. That's why we have the automatic empty zones. Sadly,
> many distributors are not aware of the feature, so they distribute
> named.conf with kludges.
> Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
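A named.conf sketch of the setup the reply describes, added here as an example and not taken from the thread or from any distribution's shipped configuration. The host names and the zone file path are placeholders, and the authoritative zone applies only if 10.0.0.0/8 is actually in use internally.

```conf
// named.conf fragment (constructed example; names and paths are placeholders)

options {
    recursion yes;

    // Built-in empty zones answer reverse queries for RFC 1918 and other
    // reserved netblocks locally, so clients get an immediate NXDOMAIN
    // and the queries are never sent out to the Internet.
    // This is the default; it is written out here so that a packaged
    // named.conf cannot silently turn it off.
    empty-zones-enable yes;

    // Optional: the server and contact names placed in the SOA record
    // of every empty zone (placeholder values).
    empty-server  "ns.example.internal.";
    empty-contact "hostmaster.example.internal.";
};

// Only when 10.0.0.0/8 is used inside the organization: an authoritative
// reverse zone. named does not create the built-in empty zone for a name
// that already has a zone configured, so this takes its place.
zone "10.in-addr.arpa" {
    type master;
    file "db.10.in-addr.arpa";   // placeholder path
};

// If a range has to be resolved by other internal servers instead, the
// matching empty zone can be switched off by name inside options, e.g.:
//     disable-empty-zone "168.192.IN-ADDR.ARPA";
```

After `named-checkconf` accepts the file and named is reloaded, `dig -x 10.1.2.3 @127.0.0.1` (a constructed address) should come back at once with NXDOMAIN or with the PTR record from the local zone, without waiting on any outside server.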