Re: [swinog] blackhole-1.iana.org : no servers could be reached
Hi All >> Yes, we are experiencing the same issues recently with ptr-requests >> forwarded to the iana blackhole nameservers. >> >> # dig -x 10.0.0.100 @blackhole-1.iana.org > > Traceroute? :) > Those nodes are anycasted. See previous answer or google AS112. ...and when you are trying to debug AS112 stuff you normally also want to try to run this: --snip # dig +short txt hostname.as112.arpa "Unique IP: 91.206.52.250 / 2001:7f8:24::fa" "See http://as112.net/ for more information." "AS112 at SwissIX, http://www.swissix.ch, Zurich, Switzerland" --snap This will surface the name of the node you are ending up with. Running a traceroute will probably not help so much because, as you already correctly stated, this is an anycasted ip-address. It may point you into the right direction, but it might as well misguide you. -- s w i s s i x - Swiss Internet Exchange Roman Hochuli Board Member ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] blackhole-1.iana.org : no servers could be reached
On 2016-10-27 20:13, Christian Fahrni wrote: > Hi Julien > > Yes, we are experiencing the same issues recently with ptr-requests > forwarded to the iana blackhole nameservers. > > # dig -x 10.0.0.100 @blackhole-1.iana.org Traceroute? :) Those nodes are anycasted. See previous answer or google AS112. Greets, Jeroen ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] blackhole-1.iana.org : no servers could be reached
Hi Julien Yes, we are experiencing the same issues recently with ptr-requests forwarded to the iana blackhole nameservers. # dig -x 10.0.0.100 @blackhole-1.iana.org ;; global options: +cmd ;; connection timed out; no servers could be reached We now configured our nameservers to respond to those requests immediately without sending the queries to internet servers, which they shouldn't do anyway for RFC1918 IPs [1][2] Regards, Christian [1] https://deepthought.isc.org/article/AA-00800/0 [2] https://www.iana.org/help/abuse-answers -> Information about "Blackhole" Servers 2016-10-27 16:13 GMT+02:00: > Hi, > are there some people experiencing issues on some AS when using > iana blackhole nameservers for localnets? > > I usually meet this response for instance: > dig 172.16.1.1 @blackhole-1.iana.org > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;172.16.1.1.IN A > > ;; Query time: 46 msec > ;; SERVER: 192.175.48.6#53(192.175.48.6) > ;; WHEN: Thu Oct 27 16: > > > But I don't get any reply packet on AS8220 (COLT). > dig 172.16.1.1 @blackhole-1.iana.org > ;; global options: +cmd > ;; connection timed out; no servers could be reached > > thank you. > > -- > |_|0|_| julien mabillard > |_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 > 8284 EF08 > |0|0|0| > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] blackhole-1.iana.org : no servers could be reached
On 2016-10-27 16:13, m...@mbuf.net wrote: > Hi, > are there some people experiencing issues on some AS when using > iana blackhole nameservers for localnets? That is a AS112 project (https://www.as112.net/) which is heavily anycasted. You really want to do a traceroute for that destination. Greets, Jeroen ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] blackhole-1.iana.org : no servers could be reached
Hi, are there some people experiencing issues on some AS when using iana blackhole nameservers for localnets? I usually meet this response for instance: dig 172.16.1.1 @blackhole-1.iana.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;172.16.1.1.IN A ;; Query time: 46 msec ;; SERVER: 192.175.48.6#53(192.175.48.6) ;; WHEN: Thu Oct 27 16: But I don't get any reply packet on AS8220 (COLT). dig 172.16.1.1 @blackhole-1.iana.org ;; global options: +cmd ;; connection timed out; no servers could be reached thank you. -- |_|0|_| julien mabillard |_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 8284 EF08 |0|0|0| ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog