blocking resolving for 10.X.X.X addresses

Paul Vixie vixie at as.vix.com
Sat Oct 26 06:28:12 UTC 2002


> > we have found customers trying to resolve 10.X.X.X addresses (or any other
> > private addresses), I want to block these so they just get a "refused" or
> > hostname etc.. not found...
> 
> Paul and friends have a project (http://as112.net/) that is
> supposed to take care of this, and indeed if I do a "dig -x
> 10.1.1.1" I get NXDOMAIN, thanks to the prisoner at IANA, and the
> answer will presumably be negatively cached.
> 
> So what precisely is it about the current set up that has become
> an issue?  Or is there something else we should know?

only that the reason we put up AS112 was to keep these queries off of
the root servers, and even so 90% of the queries coming to the root
servers are crud.  sinking these queries locally is desirable.  if
you come to the public AS112 servers then it shows a local config
error.  a HOWTO on this subject would probably be well received.
-- 
Paul Vixie
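
One way to sink these queries locally, as an added example that is not part of the original post or of the AS112 project: a generator for BIND zone stanzas covering the reverse zones of the three RFC 1918 ranges, each served from one empty zone file. The file name `db.empty`, the SOA values and the function names are assumptions made for the example.

```python
"""Generate BIND zone stanzas that answer RFC 1918 reverse lookups locally."""
import ipaddress

# RFC 1918 private ranges
PRIVATE_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
EMPTY_ZONE_FILE = "db.empty"  # assumed file name, not from the post

# Zone file with SOA and NS only: names under the zone get a local NXDOMAIN.
# SOA values are constructed for the example.
EMPTY_ZONE = """$TTL 86400
@ IN SOA localhost. root.localhost. (1 3600 900 604800 86400)
@ IN NS localhost.
"""


def reverse_zones(cidr):
    """Return the in-addr.arpa zones on octet boundaries that cover cidr."""
    net = ipaddress.ip_network(cidr)
    # Reverse zones follow octets: round the prefix up to /8, /16 or /24.
    prefix = -(-net.prefixlen // 8) * 8
    zones = []
    for sub in net.subnets(new_prefix=prefix):
        octets = str(sub.network_address).split(".")[: prefix // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def all_private_zones():
    """All reverse zones needed to cover the RFC 1918 ranges."""
    return [z for cidr in PRIVATE_NETS for z in reverse_zones(cidr)]


def named_conf():
    """Render one master zone stanza per private reverse zone."""
    return "".join(
        'zone "%s" { type master; file "%s"; };\n' % (z, EMPTY_ZONE_FILE)
        for z in all_private_zones()
    )


def sunk_locally(qname):
    """True if a PTR query name falls inside one of the generated zones."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in all_private_zones())


if __name__ == "__main__":
    print(named_conf())
    print(EMPTY_ZONE)
```

172.16.0.0/12 does not end on an octet boundary, so it takes sixteen zones (16.172.in-addr.arpa through 31.172.in-addr.arpa), giving eighteen stanzas in total.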

