something like that. see http://www.ietf.org/ids.by.wg/dnsop.html
in particular http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt -art On 8/14/07, erik quanstrom <[EMAIL PROTECTED]> wrote: > on the dns front, i've found that some spam senders are > arranging things so that the guys doing reverse-lookup > validataion will get 192.168 or 10. addresses. for some reason > arin doesn't return an address for a query on 10.in-addr.arpa > or 168.192.in-addr.arpa, so dns will loop from the top and never > time out. > > this doesn't fix the problem, but it will stop these kinds of queries in > their tracks. add to /lib/ndb/$myrecursiveserver: > > # > # spam defense. unfortunately, arin doesn't give negative > # rcodes for these non-routable addresses. we'll do it for > # them > # > dom=168.192.in-addr.arpa soa= > refresh=3600 ttl=3600 > ns=ns1.MY.DOM > ns=ns2.MY.DOM > > dom=10.in-addr.arpa soa= > refresh=3600 ttl=3600 > ns=ns1.MY.DOM > ns=ns2.MY.DOM > > - erik >
