Queries to DNS Blackholes don't respond
Roberto Carna
robertocarna36 at gmail.com
Wed Apr 18 15:30:33 UTC 2018
Dear people, I know the best way is to make in-addr.arpa local zones in my BIND.
But also I think the BLACKHOLE SERVERS can be used, because they were
created for this reason.: respond to RFC 1918 networks queries.
So why the BLACKHOLE servers don't respond anymore ? Just one time I
could get a responde from them.
Regards!!!
2018-04-18 11:53 GMT-03:00 /dev/rob0 <rob0 at gmx.co.uk>:
> On Wed, Apr 18, 2018 at 11:44:27AM -0300, Roberto Carna wrote:
>> Dear, I have impelmented a BIND9 server. It works OK, but some days
>> ago an application failed because it needed to resolve the reverse of
>> some IP addresses from range 10.x.x.x, and they waited for a long time
>> and failed, because they need a NXDOMAIN fast response.
>>
>> I don't want to make a local zone 10.IN-ADDR.ARPA,
>
> You don't need to. See the "built-in empty zones" section of the
> BIND 9 ARM, chapter 6.
>
>> because I want to
>> use the two public nameservers from Internet:
>>
>> BLACKHOLE-1.IANA.ORG (192.175.48.6)
>> BLACKHOLE-2.IANA.ORG (192.175.48.42)
>
> What?? Why? Those are not supposed to be used. BIND now includes
> empty zones for all RFC 1918 and other reserved netblocks which
> shouldn't ever appear on the open Internet.
>
> If you use some of these networks inside your organization, you can
> have authoritative zones for the corresponding in-addr.arpa zones.
>
> [snip]
>> Is it OK that I do? Are blackholes servers useful for this purpose ?
>
> Not at all. That's why we have the automatic empty zones. Sadly,
> many distributors are not aware of the feature, so they distribute
> named.conf with kludges.
> --
> http://rob0.nodns4.us/
> Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list