Hello Chris,
I can say that we noticed, about a year ago, some type of blackhole-like
behavior.
We discovered an issue where some of our recursive servers (oddly limited to
servers in Eastern US) would get a timeout (i.e., ;; connection timed out; no
servers could be reached) from RFC1918 PTR requests instead of the normal
NXDOMAIN response.
Instead of trying to find out who/what/why/where our queries were being
dropped, we figured the better thing to do is to stop the DNS pollution from
leaving our network in the first place. So, that became our plan of action.
Ironically, within days after we customized our servers for handling RFC1918, a
new BIND version came out with the "empty-zones-enable yes;" option which
accomplished the same thing, but better.
That timing was strange.
What is more strange than that?
I was able to verify we were still being blackholed when I started to compose
this email.
When I run some additional testing now, it seems we are no longer seeing the
blackhole-like behavior.
Perhaps your inquiry put some fix magic in motion, or I should buy a lotto
ticket (?). Perhaps both.
>________________________________
> From: "Roosenraad, Chris" <[email protected]>
>To: DNS Operations List <[email protected]>
>Sent: Friday, November 16, 2012 2:47 PM
>Subject: [dns-operations] PTR records, and IANA blackhole
>
>All,
>
>Anyone else seeing timeouts from blackhole-1.iana.org and
>blackhole-2.iana.org?
>
>--
>Chris R. Roosenraad
>Director, Systems/Applications
>Architecture, Development & Engineering
>13820 Sunrise Valley Drive
>Herndon, VA 20171
>+1 (703) 345 3438
>[email protected]
>
>
>This E-mail and any of its attachments may contain Time Warner Cable
>proprietary information, which is privileged, confidential, or subject to
>copyright belonging to Time Warner Cable. This E-mail is intended solely for
>the use of the individual or entity to which it is addressed. If you are not
>the intended recipient of this E-mail, you are hereby notified that any
>dissemination, distribution, copying, or action taken in relation to the
>contents of and attachments to this E-mail is strictly prohibited and may be
>unlawful. If you have received this E-mail in error, please notify the sender
>immediately and permanently delete the original and any copy of this E-mail
>and any printout.
>_______________________________________________
>dns-operations mailing list
>[email protected]
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
>
>
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
