Ran across two different DNS hosters in the last two weeks that were blocking space that was de-bogoned 2.5 years ago... =( One started as an e-mail issue, the other as a web access. The e-mail issue showed up as the server sending the sender an "I can't deliver this e-mail because I can't resolve the DNS info", and digs from the e-mail server confirmed the case. Testing from our old IP address space worked, so it was clear it was some kind of block based on IP address. The web browsing one was easy, too, because the customer was able to browse (when they had old DNS servers) and then couldn't (when we handed out new DNS servers). Since the e-mail issue was fresh in our mind, it was one of the first things we tested. I hope both DNS hosters took the time to update the rest of their bogon lists, too, not just remove our space from the bogon list. Frank -----Original Message----- From: Steve Dalberg [mailto:steve+nanog@sendithere.com] Sent: Friday, May 08, 2009 9:45 AM To: Oliver Hookins Cc: nanog@nanog.org Subject: Re: Checking bogon status of new address space Having recently received some de-bogon'ed addressing in or about this March, I can tell you that the one problem I had was people that had not updated their Bind Bogon filters ( http://www.cymru.com/Documents/secure-bind-template.html) and so were not responding to requests from our address space, so we just moved our dns cache boxes back to our older Level3 address space. Took a while to figure that one out though. Steve 2009/5/7 Oliver Hookins <oliver.hookins@anchor.com.au>
Hi,
my company has just been allocated some new IPv4 address space, and I want to do some sort of automated testing to find out any ASs out there that haven't removed the /8 it's on from their bogon list (the allocation to our local registry only occurred in November last year).
Has anybody attempted to do this? It is worth bothering? Currently I'm considering pulling out all the endpoint ASs out of the BGP table, finding at least one subnet for each of them and attempting to ping or reach other common ports on a single IP for each AS from our currently working address space, and then the new address space and comparing results.
-- Regards, Oliver Hookins Anchor Systems