In message <[email protected]>, Chris Thompson writes:
> I came across this while investigating the 172.in-addr.arpa KSK rollover
> problem, but it is unrelated.
> 
> t.arin.net is configured with dummy empty zones for [16-31].172.in-addr.arpa,
> as well as 168.192.in-addr.arpa (and 10.in-addr.arpa, but it's unlikely to
> get asked about that one). They look exactly like the "automatic empty zones"
> of all modern BIND versions.
> 
> The other seven official nameservers [ruvwxyz].arin.net for the zones
> {176,192}.in-addr.arpa are not so configured. They return a referral
> to the AS112 servers blackhole-{1,2}.iana.org when queried for RFC1918
> addresses.
> 
> It isn't obvious that this does any harm - RFC1918 reverse queries that
> escape onto the Internet get an NXDOMAIN one way or another, but the 
> inconsistency is somewhat confusing.

It breaks code that is used to determine if reverse queries for these addresses
are leaking onto the internet.  It also doesn't move the leaked traffic to
the sacrificial servers.

One server doing it shouldn't be a big problem.  All of them doing it would be
a big problem.

Mark

> -- 
> Chris Thompson               University of Cambridge Information Services,
> Email: [email protected]    Roger Needham Building, 7 JJ Thomson Avenue,
> Phone: +44 1223 334715       Cambridge CB3 0RB, United Kingdom.
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
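
An added example, not part of either message and not code from ARIN or ISC: a small classifier that tells the two behaviours described in the thread apart (a referral to the AS112 servers versus an authoritative NXDOMAIN from a locally configured empty zone) and groups nameservers by which one they show. It assumes dig-style response text as input; the function names and both sample responses are constructed for illustration.

```python
import re

# AS112 server names as given in the thread.
AS112_NS = {"blackhole-1.iana.org.", "blackhole-2.iana.org."}

def classify(dig_text):
    """Classify one dig-style response for an RFC1918 reverse name."""
    status = re.search(r"status: (\w+)", dig_text)
    flags = re.search(r";; flags: ([a-z ]*);", dig_text)
    rcode = status.group(1) if status else "UNKNOWN"
    aa = flags is not None and "aa" in flags.group(1).split()
    # Authority records run from the section header to the next blank line.
    _, _, rest = dig_text.partition(";; AUTHORITY SECTION:\n")
    records = [ln.split() for ln in rest.split("\n\n")[0].splitlines()
               if ln and not ln.startswith(";")]
    records = [r for r in records if len(r) >= 5]
    ns = {r[4].lower() for r in records if r[3] == "NS"}
    has_soa = any(r[3] == "SOA" for r in records)
    if rcode == "NOERROR" and not aa and ns and ns <= AS112_NS:
        return "as112-referral"      # leak is steered to the sacrificial servers
    if rcode == "NXDOMAIN" and aa and has_soa:
        return "local-empty-zone"    # leak is absorbed here, AS112 never sees it
    return "other"

def survey(responses):
    """Group servers by behaviour; more than one group means inconsistency."""
    groups = {}
    for server, text in responses.items():
        groups.setdefault(classify(text), []).append(server)
    return groups

# Constructed sample responses (not captured output).
REFERRAL = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; AUTHORITY SECTION:
16.172.in-addr.arpa. 86400 IN NS blackhole-1.iana.org.
16.172.in-addr.arpa. 86400 IN NS blackhole-2.iana.org.
"""
EMPTY_ZONE = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
16.172.in-addr.arpa. 86400 IN SOA 16.172.in-addr.arpa. . 0 28800 7200 604800 86400
"""

if __name__ == "__main__":
    print(survey({"r.arin.net": REFERRAL, "t.arin.net": EMPTY_ZONE}))
```

Both responses end in a negative result for the client, so only the AA flag and the authority section distinguish a server that hands the query on to AS112 from one that answers it itself.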