the hack i posted yesterday only attacks a symptom. the real problem is
queries like
dennis 7141063 0:00 0:00 11148K Rendez dns [reading outside reply from 10.128.1.22 for 190.73-94-123.dyn.dsl.cantv.net ip]
which for us is bogus, but could be valid in some cases, cause an infinite
lookup loop. trying to make a special case for unroutable addresses is
probably the wrong route. (you might have an internal dns server or two
on an unroutable address.) i think, in fact, that any lookup on a set of
nameservers that are all unavailable will never complete.
- erik
p.s. it turns out that on most networks, ptr queries on *.168.192.in-addr.arpa
work just fine, returning a negative rcode. for us, our provider is dropping
these packets. the ns for 168.192.in-addr.arpa is 192.175.x.y. i suspect that
someone's routing table has a 192.168/12 instead of a /16.
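The failure mode erik describes, as an added example (not erik's code and not Plan 9's dns): a toy resolver loop that, instead of special-casing unroutable addresses, gives each nameserver a bounded number of tries and returns SERVFAIL once every server in the set has gone silent. The nameserver addresses, the fake transport and the rcodes it hands back are all constructed for this example; a private-address nameserver that answers is included to show why filtering on "unroutable" would be the wrong fix.

```python
"""Bounded iterative lookup versus the infinite loop from the message.

All addresses and responses below are constructed for this example.
"""
import ipaddress


def reverse_name(ip):
    """Build the in-addr.arpa (or ip6.arpa) name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer


class FakeTransport:
    """Constructed stand-in for UDP: server ip -> rcode string, or None when
    the packet is dropped on the way (what erik's provider does)."""

    def __init__(self, behaviour):
        self.behaviour = behaviour
        self.sent = []  # (server, qname) pairs, so tests can count attempts

    def send(self, server, qname):
        self.sent.append((server, qname))
        return self.behaviour.get(server)  # None == no reply / timeout


def resolve_ptr(ip, servers, transport, retries_per_server=2):
    """Query the given nameservers for the PTR of ip.

    Returns (rcode, attempts). Every server gets retries_per_server tries;
    when all of them have been exhausted the lookup terminates with
    SERVFAIL rather than cycling through the dead set forever.
    """
    qname = reverse_name(ip)
    remaining = {s: retries_per_server for s in servers}
    attempts = 0
    while remaining:
        # copy the keys: servers are removed from the dict mid-iteration
        for server in list(remaining):
            attempts += 1
            rcode = transport.send(server, qname)
            if rcode is not None:
                return rcode, attempts
            remaining[server] -= 1
            if remaining[server] == 0:
                del remaining[server]
    return "SERVFAIL", attempts


# constructed nameserver set for 168.192.in-addr.arpa (addresses made up)
BLACKHOLE_NS = ["192.175.48.1", "192.175.48.6"]


def provider_drops_packets():
    """Erik's situation: neither server ever replies. Bounded: 2 servers x 2."""
    t = FakeTransport({s: None for s in BLACKHOLE_NS})
    return resolve_ptr("192.168.1.5", BLACKHOLE_NS, t)


def normal_network():
    """The common case: the first server answers with a negative rcode."""
    t = FakeTransport({s: "NXDOMAIN" for s in BLACKHOLE_NS})
    return resolve_ptr("192.168.1.5", BLACKHOLE_NS, t)


def internal_private_ns():
    """An internal nameserver on an unroutable address works fine, which is
    why filtering lookups by address would be the wrong fix."""
    t = FakeTransport({"10.128.1.22": "NOERROR"})
    return resolve_ptr("10.1.2.3", ["10.128.1.22"], t)


if __name__ == "__main__":
    print(reverse_name("192.168.1.5"))
    print("dropped:", provider_drops_packets())
    print("normal:", normal_network())
    print("internal:", internal_private_ns())
```

The retry budget is the whole fix: with it the dropped-packet case costs four sends and ends; without it the `while` loop would spin on the same two silent servers indefinitely, which is the process state shown in the ps line above.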