change in reverse dns lookup behavior
Mark Andrews
Mark_Andrews at isc.org
Fri May 13 00:24:54 UTC 2005
> Kevin Darcy wrote:
> > cool burn wrote:
> >
> > >Hello,
> > >
> > >We have an internal network of the form 10.x.x.x
> > >
> > >We have two DNS servers (bind 9.2.1) that are
> > >multi-homed, but are used by the internal network at
> > >10.0.0.10 and 10.0.0.11
> > >
> > >All of the internal servers have resolv.conf setup as:
> > >nameserver 10.0.0.10
> > >nameserver 10.0.0.11
> > >
> > >This has worked perfectly for 8 months.
> > >
> > >Today, we suddenly started getting timeouts in our
> > >application server connecting to our db server. Then,
> > >I saw I was also getting very slow times to connect
> > >using SSH. I knew right away this was DNS related.
>
> We had the exact same problem. Also noticed with SSH first. With
> 10.17.34 which we don't have a zonefile for. Since 16:00 (CEST) we have
> had timeouts whenever trying to lookup stuff in that range - we never
> had this before. This also affected the ability to lookup some 192.168
> addresses - it partly worked, partly didn't work.
>
> But now, since 00:15 CEST approx suddenly the timeouts have disappeared
> and everything seems to work again!
>
> A global glitch in the matrix?
>
>
> >
> > >My question is, why did we only just now start
> > >noticing this behavior?
> > >
> > No idea. Nothing on the Internet side changed, maybe something in your
> > network did...
>
> /Ole
Please configure your servers to serve 10.IN-ADDR.ARPA. It
can be an empty zone if you want (SOA and NS records only).
This will prevent you leaking reverse queries to the servers
for 10.in-addr.arpa on the Internet as is required by RFC 1918.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
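
The empty-zone setup recommended in the reply above, as an added example that is not part of the original message or ISC's own code. It goes beyond 10.IN-ADDR.ARPA to cover every RFC 1918 reverse zone, since the thread also mentions 192.168 lookups; the name server and contact names, the file name db.empty and the sample addresses are constructed placeholders.

```python
import ipaddress

# RFC 1918 private address space.
RFC1918_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def reverse_zones():
    """in-addr.arpa zone names that together cover all RFC 1918 space."""
    zones = ["10.in-addr.arpa"]
    zones += [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
    zones.append("168.192.in-addr.arpa")
    return zones

def empty_zone(ns="ns1.example.internal.",
               contact="hostmaster.example.internal.", serial=1):
    """Zone file with SOA and NS records only (ns/contact are placeholders)."""
    return (
        "$TTL 86400\n"
        f"@ IN SOA {ns} {contact} ( {serial} 3600 900 604800 86400 )\n"
        f"@ IN NS {ns}\n"
    )

def named_conf(zone_file="db.empty"):
    """named.conf stanzas; one shared zone file works because it only uses '@'."""
    return "".join(
        f'zone "{z}" {{ type master; file "{zone_file}"; }};\n'
        for z in reverse_zones()
    )

def covering_zone(addr):
    """Local zone that answers the PTR query for addr, or None if addr is
    not RFC 1918 space and the query is expected to leave the network."""
    ip = ipaddress.ip_address(addr)
    if not any(ip in ipaddress.ip_network(n) for n in RFC1918_NETS):
        return None
    qname = ip.reverse_pointer  # e.g. 5.34.17.10.in-addr.arpa
    for z in reverse_zones():
        if qname.endswith("." + z):
            return z
    return None

if __name__ == "__main__":
    print(named_conf())
    print(empty_zone())
    # Constructed sample addresses; 10.17.34.x is the range named in the thread.
    for a in ["10.17.34.5", "192.168.1.20", "172.31.0.1", "172.32.0.1"]:
        print(a, "->", covering_zone(a) or "not private, resolved normally")
```

With these zones loaded, a PTR query for a private address that has no record gets an immediate NXDOMAIN from the local server instead of waiting on servers outside the network.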