Re: DNS requests for 1918 space

[Crist Clark <crist.clark () globalstar com>]

Duane Wessels wrote:

> > The IN-ADDR.ARPA delegations for RFC1918 space are just like any
> > other block. You'll just end up hitting IANA's blackhole servers,
> > and not all that much, the cache times are one week.
>
>
> In theory, yes.
>
> In reality there are quite a few resolvers that, apparently, do not
> receive the delegation response and continue to hit the roots with
> PTR queries for RFC1918 space.

Is there something special about RFC1918 in this respect? Wouldn't
these resolvers not work for all of the IN-ADDR.ARPA space? Wouldn't
they be hitting the roots with all kinds of PTR queries?

> Recent measurements at a single instance of an anycasted root server
> show that at least 250 such resolvers generate between 60-120 RFC1918
> PTR queries/sec.

I assume (and no idea really if it is a good assumption or not) that
the bulk of these broken resolvers do not belong to ISPs. The original
recipient said specficially that he was using his ISP's nameservers.
If he has broken resolvers, but the ISP servers are sane, he'll
obviously end up pounding the ISP servers and perhaps the IANA blackhole
servers if the queries are unique, but not the root servers.

But yes there are plenty of broken resolvers out there. One of my
current favorites is something in Novell print services that likes to
do A queries on a single printer name several dozen times per second, 
wait a few seconds or minutes, then do a query storm on another printer
name. These account for over 90% of the queries on some internal
DNS servers.
--
Crist J. Clark                               crist.clark () globalstar com
Globalstar Communications                                (408) 933-4387