blocking resolving for 10.X.X.X addresses

Steve Foster fosters at uk.psi.com
Mon Oct 28 12:54:02 UTC 2002


Hi there,


basically our customers have our resolver listed to resolve from, however
some obviously want to resolve private addresses locally, which is fair
enough, simple client change, however if for some reason the private
address isn't resolvable locally, then their request will hit our
resolvers, which are trying to do a lookup on the net before eventually
timing out...this can take up to 2 mins...I just basically want to either
dump these requests or give a null result back to the client from our
resolvers..

any thoughts

Steve


At 00:14 26/10/02 +0100, Simon Waters wrote:
>
>Steve Foster wrote:
>> 
>> we have found customers trying to resolve 10.X.X.X addresses ( or any other
>> private addresses), i want to block these so they just get a "refused" or
>> hostname etc.. not found...
>
>I think more background is required.
>
>Paul and friends have a project (http://as112.net/) that is
>supposed to take care of this, and indeed if I do a "dig -x
>10.1.1.1" I get NXDOMAIN, thanks to the prisoner at IANA, and the
>answer will presumably be negatively cached.
>
>So what precisely is it about the current set up that has become
>an issue? 
>Or is there something else we should know?
>
>
>
Steve Foster
Senior Systems Administrator
PSINet Europe
Work: +44 (1223) 577322
Mobile: +44 (7720) 425911

