I know that it sounds like a bad line from a movie, but it is really a valid point in computing too. So which prisoner am I speaking of? Let's see if you can guess. Your options are:

  • The Beagle Boys, you know from Donald Duck.
  • prisoner.iana.org, one of the servers that blackholes bad DNS queries.
  • Al Capone, the famous gangster.
  • Aung San Suu Kyi, political prisoner of Burma.

Well, even if I think most of these prisoners are interesting, today my plan is to write about prisoner.iana.org.

Why and how we can avoid it.

Prisoner.iana.org and its buddies blackhole-1.iana.org and blackhole-2.iana.org answer questions about RFC1918 reverse lookups that get out in the wild. So what is RFC1918? That Request for Comments specifies which IPv4 addresses are allowed for private use. These addresses are used by countless companies and homes. The reverse lookups for these addresses should never be sent outside of your company or home; otherwise prisoner.iana.org or its buddies will answer.

So what reverse zones should I have in my DNS to be a good net user? There is an RFC, 6303, which specifies which reverse zones one should make sure to have:

RFC1918 reverse zones

  • 10.in-addr.arpa
  • 16.172.in-addr.arpa
  • 17.172.in-addr.arpa
  • 18.172.in-addr.arpa
  • 19.172.in-addr.arpa
  • 20.172.in-addr.arpa
  • 21.172.in-addr.arpa
  • 22.172.in-addr.arpa
  • 23.172.in-addr.arpa
  • 24.172.in-addr.arpa
  • 25.172.in-addr.arpa
  • 26.172.in-addr.arpa
  • 27.172.in-addr.arpa
  • 28.172.in-addr.arpa
  • 29.172.in-addr.arpa
  • 30.172.in-addr.arpa
  • 31.172.in-addr.arpa
  • 168.192.in-addr.arpa

Some bonuses that you should also have:

  • 127.in-addr.arpa
  • 254.169.in-addr.arpa

IPv6 reverse zones that you should consider:


So by creating these zones you can help lower the hits on prisoner.iana.org and get a faster and more stable DNS environment.
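
As an added example (not part of the original post), this Python script checks whether a PTR query name falls under one of the IPv4 zones listed above, which helps you find reverse lookups your resolver forwarded upstream but should have answered locally. The function names and the sample query names are constructed for illustration.

```python
import ipaddress

# IPv4 zones listed in this post: the RFC1918 reverse zones plus the two bonus zones.
LOCAL_ZONES = (
    ["10.in-addr.arpa"]
    + [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
    + ["168.192.in-addr.arpa", "127.in-addr.arpa", "254.169.in-addr.arpa"]
)


def ptr_name(ip):
    """Return the reverse-lookup name for an IPv4 address string."""
    return ipaddress.ip_address(ip).reverse_pointer


def covering_zone(qname):
    """Return the listed zone that should answer qname locally, or None."""
    name = qname.rstrip(".").lower()  # DNS names are case-insensitive
    for zone in LOCAL_ZONES:
        # Match on a label boundary so 110.in-addr.arpa is not taken for 10.in-addr.arpa.
        if name == zone or name.endswith("." + zone):
            return zone
    return None


def leaked_queries(forwarded):
    """From PTR names sent upstream, return (qname, zone) pairs that should have stayed local."""
    hits = []
    for qname in forwarded:
        zone = covering_zone(qname)
        if zone is not None:
            hits.append((qname, zone))
    return hits


# Constructed sample: PTR names a resolver forwarded to the Internet.
SAMPLE_FORWARDED = [
    "3.2.1.10.in-addr.arpa.",
    "8.8.8.8.in-addr.arpa.",
    "1.0.168.192.IN-ADDR.ARPA.",
    "1.0.32.172.in-addr.arpa.",   # 172.32.0.1 is public, not RFC1918
    "5.1.254.169.in-addr.arpa.",
]

if __name__ == "__main__":
    for qname, zone in leaked_queries(SAMPLE_FORWARDED):
        print(f"{qname} should be answered locally by zone {zone}")
```
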