0

Probably not the most useful question, but I'm curious:

I understand (in theory) that if a reverse lookup for a private IP makes it past your own DNS servers, you should get back "prisoner.iana.org", "blackhole-1.iana.org" or "blackhole-2.iana.org". I don't understand why there's more than one, however. Can anyone explain?

khosrow
  • 4,183
username
  • 4,805

3 Answers

3

The blackhole servers contain DNS zones for the 10.in-addr.arpa, 16.172.in-addr.arpa, and 168.192.in-addr.arpa ranges, so they cover all private IP addresses. prisoner.iana.org is the primary DNS server for those zones; the other 2 are secondary servers, used for backup and for when the primary server is too busy.

Sam Cogan
  • 39,089
2

The blackhole-[12].iana.org servers are part of a DNS Anycast cloud operated by AS112 designed to soak up PTR record queries for the RFC 1918 private network address space and the 169.254/16 autoconfiguration block.

This was done to mitigate the traffic that these useless queries were inflicting on the DNS root name servers.

All such PTR queries to the name servers return NXDOMAIN.

Alnitak
  • 21,641
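The zone set described in the two answers above, as an added Python example that is not from any answerer: it maps an IPv4 address to the PTR name a resolver would query, identifies which AS112 reverse zone (if any) would end up answering it, and flags the private-space queries a site's own resolver does not hold locally and would therefore leak upstream. It goes slightly beyond the answers by listing all sixteen 172.16-31 zones rather than only 16.172.in-addr.arpa; the `local_zones` input is an assumed list of zones the local resolver answers itself.

```python
import ipaddress

# Reverse zones served by the AS112 anycast nodes: the RFC 1918 blocks plus
# the 169.254/16 link-local block. 172.16/12 is not aligned to an octet
# boundary, so it takes sixteen separate /16 reverse zones.
AS112_ZONES = (
    ["10.in-addr.arpa."]
    + [f"{n}.172.in-addr.arpa." for n in range(16, 32)]
    + ["168.192.in-addr.arpa.", "254.169.in-addr.arpa."]
)


def reverse_name(ip: str) -> str:
    """Return the fully qualified PTR owner name for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def as112_zone(ip: str):
    """Return the AS112 zone that would receive a PTR query for ip,
    or None if the address is outside the space AS112 soaks up."""
    name = reverse_name(ip)
    for zone in AS112_ZONES:
        if name == zone or name.endswith("." + zone):
            return zone
    return None


def leaking_queries(local_zones, ips):
    """List the addresses whose PTR queries would escape the local
    resolver and reach AS112 (where they are answered with NXDOMAIN).

    local_zones: reverse zones the site's resolver answers itself
                 (assumed input, e.g. ["10.in-addr.arpa."]).
    """
    held = set(local_zones)
    leaks = []
    for ip in ips:
        zone = as112_zone(ip)
        if zone is not None and zone not in held:
            leaks.append(ip)
    return leaks
```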
1

The standard for the DNS, RFC 1034, says (section 4.1) that, for reliability reasons, every DNS zone must have at least two name servers. This also applies to the "reverse" zones such as 10.in-addr.arpa and so on.

bortzmeyer
  • 3,991