Re: Queries to DNS Blackholes don't respond

2018-04-19 Thread Roberto Carna
packets or the > responses (RFC 6305 focuses on that particular scenario, although its main > recommendation for mitigation is to not send the queries to the AS112 servers > in the first place). > > - Kevin > > > > -

RE: Queries to DNS Blackholes don't respond

2018-04-18 Thread Darcy Kevin (FCA)
ay, April 18, 2018 11:31 AM To: bind-users@lists.isc.org Subject: Re: Queries to DNS Blackholes don't respond Dear people, I know the best way is to make in-addr.arpa local zones in my BIND. But also I think the BLACKHOLE SERVERS can be used, because they were created for this reason.: resp

Re: Queries to DNS Blackholes don't respond

2018-04-18 Thread Mark Andrews
They were created as sacrificial servers to protect the arpa servers. If you use RFC 1918 addresses you are supposed to run your own servers. Read RFC 1918 about not leaking stuff. -- Mark Andrews > On 19 Apr 2018, at 01:30, Roberto Carna wrote: > > Dear people, I know the best way is to ma

Re: Queries to DNS Blackholes don't respond

2018-04-18 Thread Roberto Carna
Dear people, I know the best way is to make in-addr.arpa local zones in my BIND. But also I think the BLACKHOLE SERVERS can be used, because they were created for this reason.: respond to RFC 1918 networks queries. So why the BLACKHOLE servers don't respond anymore ? Just one time I could get a r

Re: Queries to DNS Blackholes don't respond

2018-04-18 Thread Roberto Carna
Sorry, after query succesfully the DNS Blackholes, I repeat the command and the same servers couldn't be reached anymore: DNS:~# host -t NS 10.IN-ADDR.ARPA 192.175.48.6 ;; connection timed out; no servers could be reached DNS:~# host -t NS 10.IN-ADDR.ARPA 192.175.48.42 ;; connection timed out; no

Re: Queries to DNS Blackholes don't respond

2018-04-18 Thread /dev/rob0
On Wed, Apr 18, 2018 at 11:44:27AM -0300, Roberto Carna wrote: > Dear, I have impelmented a BIND9 server. It works OK, but some days > ago an application failed because it needed to resolve the reverse of > some IP addresses from range 10.x.x.x, and they waited for a long time > and failed, because

Re: Queries to DNS Blackholes don't respond

2018-04-18 Thread Matus UHLAR - fantomas
On 18.04.18 11:44, Roberto Carna wrote: Dear, I have impelmented a BIND9 server. It works OK, but some days ago an application failed because it needed to resolve the reverse of some IP addresses from range 10.x.x.x, and they waited for a long time and failed, because they need a NXDOMAIN fast re

Queries to DNS Blackholes don't respond

2018-04-18 Thread Roberto Carna
Dear, I have impelmented a BIND9 server. It works OK, but some days ago an application failed because it needed to resolve the reverse of some IP addresses from range 10.x.x.x, and they waited for a long time and failed, because they need a NXDOMAIN fast response. I don't want to make a local zone