Blackhole DNS

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 21 22:48:51 UTC 2002


Yes, when using RFC 1918 addresses, you should define reverse DNS zones at
the highest possible level in the hierarchy (e.g. 168.192.in-addr.arpa,
10.in-addr.arpa). Why the highest possible level, rather than just the slice
that you need, e.g. 1.168.192.in-addr.arpa? Because that way you avoid bogus
queries for mistyped addresses as well. You can always delegate if the zone
gets too large...


- Kevin

Martin Stewart wrote:


> When a server is being accessed by clients with private addresses
> (RFC1918) is it best practice to make the server's caching DNS server
> authoritative for 10.in-addr.arpa?
>
> I've recently seen a problem which I claimed might have been caused by an
> outage (or us not being able to reach) the blackhole servers at
> blackhole-1.iana.org and I was wondering how other people solved that issue.
>
> Come to that, are there any stats on the blackhole servers?
>
> Thanks,
>
> Martin Stewart
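
An added example, not part of the original thread: this Python sketch derives the highest-level in-addr.arpa zones for all three RFC 1918 ranges (going beyond the two zones named in the reply) and shows which PTR lookups would still leave the server with only the narrow 1.168.192.in-addr.arpa slice defined. The sample addresses and the `db.empty` zone file name are constructed assumptions.

```python
import ipaddress

# RFC 1918 private ranges.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def top_level_reverse_zones():
    """Highest-level in-addr.arpa zones that cover only RFC 1918 space."""
    zones = []
    for net in map(ipaddress.ip_network, RFC1918):
        # in-addr.arpa zones sit on octet boundaries: round the prefix up to /8, /16 or /24.
        octets = -(-net.prefixlen // 8)
        for sub in net.subnets(new_prefix=octets * 8):
            labels = str(sub.network_address).split(".")[:octets]
            zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def covering_zone(addr, zones):
    """Local zone that answers the PTR query for addr, or None if the query leaves the server."""
    qname = ipaddress.ip_address(addr).reverse_pointer
    # Match on whole labels so 11.168.192 is not mistaken for 1.168.192.
    hits = [z for z in zones if qname == z or qname.endswith("." + z)]
    return max(hits, key=len) if hits else None

def leaked(addrs, zones):
    """Addresses whose PTR lookups no local zone would answer."""
    return [a for a in addrs if covering_zone(a, zones) is None]

def named_conf(zones, zone_file="db.empty"):
    """Render BIND zone statements; zone_file is a hypothetical empty zone file (SOA and NS only)."""
    return "\n".join(f'zone "{z}" {{ type master; file "{zone_file}"; }};' for z in zones)

# Constructed sample: one real host, two mistyped addresses, one address from another private range.
LOOKUPS = ["192.168.1.20", "192.168.11.20", "192.168.2.7", "10.1.2.3"]
NARROW = ["1.168.192.in-addr.arpa"]   # just the slice in use
WIDE = top_level_reverse_zones()      # 10, 16-31.172 and 168.192

if __name__ == "__main__":
    print("narrow zone leaks:", leaked(LOOKUPS, NARROW))
    print("wide zones leak:  ", leaked(LOOKUPS, WIDE))
    print(named_conf(WIDE))
```

The 172.16.0.0/12 range does not fall on an octet boundary, so it needs sixteen separate zones (16.172.in-addr.arpa through 31.172.in-addr.arpa) rather than one.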



More information about the bind-users mailing list