Re: [swinog] blackhole-1.iana.org : no servers could be reached

2016-10-30 Diskussionsfäden Roman Hochuli 
Hi All

>> Yes, we are experiencing the same issues recently with ptr-requests
>> forwarded to the iana blackhole nameservers.
>>
>> # dig -x 10.0.0.100 @blackhole-1.iana.org
> 
> Traceroute? :)
> Those nodes are anycasted. See previous answer or google AS112.

...and when you are trying to debug AS112 stuff you normally also want
to try to run this:

--snip
# dig +short txt hostname.as112.arpa
"Unique IP: 91.206.52.250 / 2001:7f8:24::fa"
"See http://as112.net/ for more information."
"AS112 at SwissIX, http://www.swissix.ch, Zurich, Switzerland"
--snap

This will surface the name of the node you are ending up with. Running a
traceroute will probably not help so much because, as you already
correctly stated, this is an anycasted ip-address. It may point you into
the right direction, but it might as well misguide you.

-- 
s w i s s i x - Swiss Internet Exchange
Roman Hochuli
Board Member


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] blackhole-1.iana.org : no servers could be reached

2016-10-27 Diskussionsfäden Jeroen Massar 
On 2016-10-27 20:13, Christian Fahrni wrote:
> Hi Julien
> 
> Yes, we are experiencing the same issues recently with ptr-requests
> forwarded to the iana blackhole nameservers.
> 
> # dig -x 10.0.0.100 @blackhole-1.iana.org

Traceroute? :)

Those nodes are anycasted. See previous answer or google AS112.

Greets,
 Jeroen



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] blackhole-1.iana.org : no servers could be reached

2016-10-27 Diskussionsfäden Christian Fahrni 
Hi Julien

Yes, we are experiencing the same issues recently with ptr-requests
forwarded to the iana blackhole nameservers.

# dig -x 10.0.0.100 @blackhole-1.iana.org
;; global options: +cmd
;; connection timed out; no servers could be reached

We now configured our nameservers to respond to those requests
immediately without sending the queries to internet servers, which
they shouldn't do anyway for RFC1918 IPs [1][2]

Regards,
Christian

[1] https://deepthought.isc.org/article/AA-00800/0
[2] https://www.iana.org/help/abuse-answers -> Information about
"Blackhole" Servers


2016-10-27 16:13 GMT+02:00  :
> Hi,
> are there some people experiencing issues on some AS when using
> iana blackhole nameservers for localnets?
>
> I usually meet this response for instance:
> dig 172.16.1.1 @blackhole-1.iana.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;172.16.1.1.IN  A
>
> ;; Query time: 46 msec
> ;; SERVER: 192.175.48.6#53(192.175.48.6)
> ;; WHEN: Thu Oct 27 16:
>
>
> But I don't get any reply packet on AS8220 (COLT).
> dig 172.16.1.1 @blackhole-1.iana.org
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> thank you.
>
> --
> |_|0|_| julien mabillard
> |_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 
> 8284 EF08
> |0|0|0|
>
>
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] blackhole-1.iana.org : no servers could be reached

2016-10-27 Diskussionsfäden Jeroen Massar 
On 2016-10-27 16:13, m...@mbuf.net wrote:
> Hi,
> are there some people experiencing issues on some AS when using
> iana blackhole nameservers for localnets?

That is a AS112 project (https://www.as112.net/) which is heavily anycasted.

You really want to do a traceroute for that destination.

Greets,
 Jeroen



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] blackhole-1.iana.org : no servers could be reached

2016-10-27 Diskussionsfäden maj 
Hi,
are there some people experiencing issues on some AS when using
iana blackhole nameservers for localnets?

I usually meet this response for instance:
dig 172.16.1.1 @blackhole-1.iana.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;172.16.1.1.IN  A

;; Query time: 46 msec
;; SERVER: 192.175.48.6#53(192.175.48.6)
;; WHEN: Thu Oct 27 16:


But I don't get any reply packet on AS8220 (COLT).
dig 172.16.1.1 @blackhole-1.iana.org
;; global options: +cmd
;; connection timed out; no servers could be reached

thank you.

-- 
|_|0|_| julien mabillard
|_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 8284 
EF08
|0|0|0| 


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog