Blackhole DNS
Nate Campi
nate at wired.com
Thu Feb 21 22:27:48 UTC 2002
On Thu, Feb 21, 2002 at 09:59:49PM +0000, Martin Stewart wrote:
> When a server is being accessed by clients with private addresses
> (RFC1918) is it best practice to make the server's caching DNS server
> authoritative for 10.in-addr.arpa?
This shouldn't be an issue. If a server is reachable by clients with
RFC1918 IPs, then the local nameservers should already be able to
resolve those IPs. This is simply proper administration.
Backbone routers should/would/will not route RFC1918 IPs so if you don't
have any local IPs like that, a server should never see them, and not
need to resolve them.
> I've recently seen a problem which I claimed might have been caused by an
> outage (or us not being able to reach) the blackhole servers at blackhole-
> 1.iana.org and I was wondering how other people solved that issue.
See above, it shouldn't be a problem. If it is, set a local nameserver
as authoritative for those IP ranges/zones and make any caches forward
requests for those zone/ranges to your authoritative nameservers.
--
Nate Campi Job: hostmaster at lycos.com and root at wired.com
"Confucius say: He who play in root, eventually kill tree."
More information about the bind-users
mailing list