DNS anti-spoofing
Cricket Liu
cricket at menandmice.com
Tue Nov 27 16:30:20 UTC 2001
> I'm trying to secure my DNS server.
> blackhole { "bogusnets"; }; option is very useful.
> but I'm confused about what kind of network prefixes I should disable?
> ===
> 0.0.0.0/8;
> 1.0.0.0/8;
> 2.0.0.0/8;
> 192.0.2.0/24;
> 224.0.0.0/3;
> 10.0.0.0/8;
> 172.16.0.0/12;
> 192.168.0.0/16;
> === - are currently in my black list. //from BIND manual
> 10.0.0.0; 172.16.0.0; 192.169.0.0 - those are private address
> space and should stay within AS.
> Private addresses are clear, and they are documented in rfc too!
>
> question is about RESERVED-* netblocks from RIPE.
> I can't find any RFC that talks about RESERVED prefixes.
>
> Can someone give some advice or some URL for more info?
See http://www.cymru.com/~robt/Docs/Articles/secure-bind-template.html.
cricket
Men & Mice
DNS Software & Services
www.menandmice.com
Attend our next DNS and BIND class! See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
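
An added example, not part of the original thread: a check that sorts the quoted "bogusnets" entries into those covered by special-purpose address blocks and those that need review against current IANA allocations (1.0.0.0/8 and 2.0.0.0/8 were unallocated in 2001 but have since been assigned). The `SPECIAL_PURPOSE` table and the `audit` function are assumptions of this example, not BIND or mailing-list code.

```python
import ipaddress

# Assumption: hand-copied subset of the IANA special-purpose IPv4 blocks
# (RFC 6890 style), plus multicast (224/4) and class E (240/4).
SPECIAL_PURPOSE = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
]

# The "bogusnets" entries quoted in the message above.
BOGUSNETS = [
    "0.0.0.0/8", "1.0.0.0/8", "2.0.0.0/8", "192.0.2.0/24",
    "224.0.0.0/3", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
]


def audit(entries, special=SPECIAL_PURPOSE):
    """Return (safe, review, invalid) lists of prefix strings.

    safe    - entirely inside special-purpose space, never valid on the Internet
    review  - not special-purpose; may be allocated, so blackholing it can
              drop legitimate queries
    invalid - not a well-formed network prefix (for example, host bits set)
    """
    # Merge adjacent blocks so 224.0.0.0/4 + 240.0.0.0/4 also covers 224.0.0.0/3.
    merged = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in special))
    safe, review, invalid = [], [], []
    for text in entries:
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            invalid.append(text)
            continue
        if any(net.subnet_of(block) for block in merged):
            safe.append(text)
        else:
            review.append(text)
    return safe, review, invalid


if __name__ == "__main__":
    safe, review, invalid = audit(BOGUSNETS)
    print("keep in blackhole:", safe)
    print("check allocation status first:", review)
    print("malformed:", invalid)
```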