First of all, what's this? See:

http://www.iana.org/faqs/abuse-faq.htm#FAQonBlackholeServers


I admin a high-volume site that runs its IMGate boxes on RFC1918 
IPs.  Postfix, sshd, etc. do a PTR query for every connecting 
IP.  Over the weekend, IANA's blackhole NSs started acting like 
blackholes (no response), instead of returning a negative answer for 
every PTR query.



mx1# dig @BLACKHOLE-2.IANA.ORG 7.17.1.10.in-addr.arpa. any +short
;; connection timed out; no servers could be reached


When Postfix gets a negative answer to a PTR query for an RFC1918 IP, it 
logs the client in the maillog as:

unknown[10.1.17.7]

If you have not set up your own reverse zone files for your RFC1918 
subnets, then your NSs are probably "leaking" PTR queries for RFC1918 
IPs to the Internet. Those queries get referred to the IANA blackhole 
servers, where, as of this weekend, they time out. This effectively 
kills the response time of Postfix and sshd, as the resolvers wait tens 
of seconds for a response (similar to Postfix getting killed by an RBL 
server that times out).

The solution is:

1. Stop your NSs from querying the Internet for PTR records of RFC1918 
IPs by hosting the reverse zone files for your RFC1918 subnets yourself.

or

2. Add lines like this to /etc/hosts for every RFC1918 IP:

10.1.1.23 mybox.mydomain.tld

... which provides both A and PTR.

Len
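Option 1 worked through for BIND 9, as an added example that is not part of Len's mail: a few sh functions that turn an IP into its in-addr.arpa name, emit authoritative "empty" zone stanzas for every RFC1918 reverse zone, write the zone file behind them, and run a dig-based leak check. The paths /etc/named/rfc1918.conf and /etc/named/empty.db are assumptions; pick your own.

```shell
#!/bin/sh
# Option 1 from the mail, for BIND 9: answer RFC1918 PTR queries locally so
# they never leave for the IANA blackhole servers.
# Assumed (hypothetical) paths: /etc/named/rfc1918.conf, /etc/named/empty.db.

# IPv4 address -> reverse name, e.g. 10.1.17.7 -> 7.17.1.10.in-addr.arpa
ptr_name() {
  echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# The 18 reverse zones that cover all of RFC1918 (10/8, 172.16/12, 192.168/16).
rfc1918_zones() {
  echo "10.in-addr.arpa"
  i=16
  while [ "$i" -le 31 ]; do
    echo "$i.172.in-addr.arpa"
    i=$((i + 1))
  done
  echo "168.192.in-addr.arpa"
}

# named.conf stanzas: one authoritative zone per block, all backed by the
# same empty zone file, so the resolver answers NXDOMAIN itself instead of
# following the delegation out to the blackhole servers.
named_conf() {
  zonefile="${1:-/etc/named/empty.db}"
  rfc1918_zones | while read -r z; do
    printf 'zone "%s" { type master; file "%s"; };\n' "$z" "$zonefile"
  done
}

# Minimal zone file: SOA and NS only, so every PTR lookup below it gets a
# fast, locally generated negative answer.
empty_zone() {
  cat <<'EOF'
$TTL 86400
@  IN  SOA  localhost. root.localhost. ( 1 3600 900 604800 86400 )
@  IN  NS   localhost.
EOF
}

# Leak check against the local resolver (needs dig and a live resolver, so
# not exercised by the test): prints "status: NXDOMAIN" when the zone is
# served locally; prints nothing and exits non-zero on a blackhole timeout.
check_ptr() {
  dig +time=2 +tries=1 +noall +comments -x "$1" | grep -o 'status: [A-Z]*'
}
```

Hosts that should resolve get real PTR records added to these zones. Recent BIND 9 already serves this RFC 6303 set as built-in empty zones (empty-zones-enable), so the explicit stanzas mainly matter on older servers or for zones you intend to populate.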
