:: > # dig -x 10.0.0.100 @blackhole-1.iana.org
:: Traceroute? :)
:: 

traceroute to blackhole-1.iana.org (192.175.48.6), 64 hops max, 40 byte packets
 1  gateway.ecucenter.org (193.73.242.101)  0.204 ms  0.204 ms  0.159 ms
 2  213.173.181.181 (213.173.181.181)  0.843 ms  1.057 ms  0.757 ms
 3  te0-1-0-0-pr2.ZRH.router.colt.net (212.74.87.3)  7.114 ms  7.611 ms  6.554 ms
 4  blackhole-1.iana.org (192.175.48.6)  4.916 ms  4.643 ms  5.305 ms

I tried the COLT[0] looking glass; it gives me (Zurich):
Paths: (6 available, best #5)
but only the first 2 paths are printed.

I know that this is kind of bad practice, as any localnet should not leak
with DNS requests, but this happened on some mail gateway appliances that
directly use root nameservers and then use them globally without caring for
localnets (PTR resolution).

As a workaround I will use local nameservers that correctly reply to
such requests.

But still, I'd like to understand what happens. We got notified last
Friday afternoon of a sudden stop of these responses.

I know this seems to have happened at the same time as the Dyn DDoS.
AFAIK the root nameservers were not victims of the attack.

BTW, I still get increased traffic of SERVFAIL since Friday,
and those are PTR requests (not localnet).

Thanks for your answers.

[0] https://portal.colt.net/lg/
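An added example, not part of the original message: a small check that flags PTR queries for RFC 1918 space in a resolver query log, which is how the kind of leak described above (an appliance sending localnet reverse lookups to outside servers) can be spotted. The log format `client qname qtype` and all sample lines are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; reverse lookups for these belong on local nameservers.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ptr_name_to_network(qname):
    """Map an in-addr.arpa name to the IPv4 network it covers, or None."""
    labels = qname.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = labels[:-2][::-1]          # reverse name lists octets backwards
    if not 1 <= len(octets) <= 4:
        return None
    try:
        nums = [int(o) for o in octets]
    except ValueError:                  # e.g. classless-delegation labels
        return None
    if any(n < 0 or n > 255 for n in nums):
        return None
    addr = ".".join(str(n) for n in nums + [0] * (4 - len(nums)))
    return ipaddress.ip_network(f"{addr}/{8 * len(nums)}")

def is_private_ptr(qname):
    net = ptr_name_to_network(qname)
    return net is not None and any(net.subnet_of(p) for p in PRIVATE_NETS)

def leaked_queries(log_lines):
    """Return (client, qname) pairs for PTR queries about private space."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and parts[2].upper() == "PTR" and is_private_ptr(parts[1]):
            hits.append((parts[0], parts[1]))
    return hits

# Constructed sample log: "client qname qtype"
SAMPLE_LOG = [
    "192.0.2.25 100.0.0.10.in-addr.arpa. PTR",   # same name as dig -x 10.0.0.100
    "192.0.2.25 6.48.175.192.in-addr.arpa. PTR", # public address, not a leak
    "192.0.2.25 example.org. MX",
    "192.0.2.31 1.1.168.192.in-addr.arpa. PTR",
    "192.0.2.31 5.32.172.in-addr.arpa PTR",      # 172.32/16 is outside 172.16/12
]

if __name__ == "__main__":
    for client, qname in leaked_queries(SAMPLE_LOG):
        print(f"{client} leaked private PTR query: {qname}")
```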