Kurtis,
Michel Py wrote:
- Do not flood root servers with reverse lookup queries for
private addresses (I want my traceroutes to work on the
inside of the network too, so I long ago configured reverse
lookup for private addresses on my internal DNS servers).
Kurt Erik Lindqvist wrote:
Say again?
Where are all these bogus requests to reverse lookup an RFC1918 address
coming from? From hosts with an RFC1918 address that do a traceroute.
Even if the target of the traceroute is outside, the first hop is
inevitably inside. The traceroute does a reverse lookup on each hop for
display purposes; this reverse lookup fails on the local DNS server and
might end up in one of the roots.
However, if a reverse lookup zone (1.168.192.in-addr.arpa in this case)
is configured in the DNS server that the host doing the traceroute is
using, and if the correct PTR is configured (1.1.168.192.in-addr.arpa
PTR cisco.arneill-py.sacrament.ca.us) the traceroute correctly
reverse-lookups the first hop and that request never ends up in a root
server. Also, it's faster because it does not waste 5 seconds timing out
on the request.
tracert www.ietf.org
1 1 ms 1 ms 1 ms cisco.arneill-py.sacrament.ca.us [192.168.1.1]
2 12 ms 12 ms 61 ms adsl-209-233-126-254.dsl.scrm01.pacbell.net [209.233.126.254]
Michel.
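
The check described in the message above, as an added example that is not part of the original e-mail: given the hops a traceroute will look up, it reports which RFC1918 PTR names are covered by a reverse zone on the internal DNS server and which would be passed upstream. The function names, the two extra inside hops and the "covering zone" suggestion are assumptions made for illustration.

```python
import ipaddress

# The three RFC1918 blocks, checked explicitly (ipaddress.is_private is broader).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def covering_zone(ip):
    """Octet-aligned reverse zone that covers the hop's RFC1918 range."""
    o = str(ip).split(".")
    if o[0] == "10":
        return "10.in-addr.arpa"
    return f"{o[1]}.{o[0]}.in-addr.arpa"  # 16..31.172 or 168.192


def local_zone_for(ptr_name, local_zones):
    """Longest locally served zone that is a label-boundary suffix of ptr_name."""
    name = ptr_name.lower().rstrip(".")
    zones = (z.lower().rstrip(".") for z in local_zones)
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    return max(matches, key=len, default=None)


def audit_hops(hops, local_zones):
    """One dict per RFC1918 hop; 'leaks' is True when no local zone answers."""
    report = []
    for hop in hops:
        ip = ipaddress.ip_address(hop)
        if not is_rfc1918(ip):
            continue  # public hop: its PTR lookup is meant to leave the network
        ptr = ip.reverse_pointer
        zone = local_zone_for(ptr, local_zones)
        report.append({"hop": hop, "ptr": ptr, "served_by": zone,
                       "leaks": zone is None, "suggest": covering_zone(ip)})
    return report


# Constructed input: the two hops from the tracert above plus two made-up inside hops.
HOPS = ["192.168.1.1", "10.20.30.1", "172.20.0.1", "209.233.126.254"]
LOCAL_ZONES = ["1.168.192.in-addr.arpa"]  # the zone named in the message

if __name__ == "__main__":
    for row in audit_hops(HOPS, LOCAL_ZONES):
        status = "not answered locally" if row["leaks"] else f"answered by {row['served_by']}"
        print(f"{row['hop']:<15} {row['ptr']:<28} {status} (covering zone: {row['suggest']})")
```

Suffix matching is done on label boundaries, so a zone for 192.168.1.x is not mistaken for one covering 192.168.11.x.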