mailing list archives
RE: Net-24 top prefix generating bogus RFC-1918 queries
From: Sean Donelan <sean () donelan com>
Date: Mon, 2 Jun 2003 00:26:16 -0400 (EDT)
On Sun, 1 Jun 2003, McBurnett, Jim wrote:
guys.. I have a thought...
I am a charter fiber customer..
AND they use lots of 1918 address for management even some customer links.
I have seen this on all the cable providers..
unlike Sprint/MCI/ATT they don't use 100% RW on all their equipment..
then they leak because the BGP is not filtering properly..
A DNS lookup for a RFC1918 in-addr.arpa record is unrelated to BGP or
If you want to generate an RFC1918 in-addr.arpa query to the AS112
servers do the following
Default Server: localhost
origin = prisoner.iana.org
mail addr = hostmaster.root-servers.org
serial = 2002040800
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 604800 (1W)
Authoritative answers can be found from:
10.in-addr.arpa nameserver = BLACKHOLE-1.iana.org
10.in-addr.arpa nameserver = BLACKHOLE-2.iana.org
BLACKHOLE-1.iana.org internet address = 126.96.36.199
BLACKHOLE-2.iana.org internet address = 188.8.131.52
Your query will then be included in John's statistics. You BGP filters
will not stop it.