Kurtis, >> Michel Py wrote: >> - Do not flood root servers with reverse lookup queries for >> private addresses (I want my traceroutes to work on the >> inside of the network too, so I long ago configured reverse >> lookup for private addresses on my internal DNS servers). > Kurt Erik Lindqvist wrote: > Say again? Where are all these bogus requests to reverse lookup an RFC1918 address coming from? From hosts with a RFC1918 address that do a traceroute. Even if the target of the traceroute is outside, the first hop is inevitably inside. The traceroute does a reverse lookup on each hop for display purposes; this reverse lookup fails on the local DNS server and might end up in one of the roots. However, if a reverse lookup zone (1.168.192.in-addr.arpa in this case) is configured in the DNS server that the host doing the traceroute is using, and if the correct PTR is configured (1.1.168.192.in-addr.arpa PTR cisco.arneill-py.sacrament.ca.us) the traceroute correctly reverse-lookups the first hop and that request never ends up in a root server. Also, it's faster because it does not waste 5 seconds timing out on the request. tracert www.ietf.org 1 1 ms 1 ms 1 ms cisco.arneill-py.sacrament.ca.us [192.168.1.1] 2 12 ms 12 ms 61 ms adsl-209-233-126-254.dsl.scrm01.pacbell.net [209.233.126.254] Michel.