GENERATE Command

Mark Damrose mdamrose at elgin.cc.il.us
Mon Dec 30 01:45:04 UTC 2002


"Jeff Grossman" <jeff at stikman.com> wrote in message
news:auo2rl$8h6i$1 at isrv4.isc.org...
>
> Doug Barton <DougB at DougBarton.net> wrote:
>
> >
> >On Fri, 27 Dec 2002, Jeff Grossman wrote:
> >
> >>
> >> I have my own DNS zone set up as a blackhole zone for IP numbers I do
> >> not want to receive e-mail from.
> >
> >This doesn't sound like a problem that DNS is the ideal solution for, but
> >it's your time to spend.
> >
>
> I guess you don't use RBL DNS zones.  For an e-mail server, this is a
> great method of blocking unwanted IP numbers.
>
> >> So far I have only been using single IP addresses which point to an A
> >> record of 127.0.0.2.  But, now I want to block a whole range of
> >> addresses.  I have looked at the Bind ARM manual, and found the GENERATE
> >> command.  But, I need some help.  How would I go about blocking a range
> >> like 10.10.192/19 and 10.10.0/18?
> >
> >Unless I'm missing something, you'd need zone entries in named.conf for
> >each of the /24's. You could point them all to the same zone file though.
> >http://dougbarton.net/bind-users/FAQ.html#SameFile
>
> Here is a copy of the beginning of my zone file:
>
> $TTL 3H
> blackholes.stikman.com. IN      SOA     ns1.stikman.com. webmaster.stikman.com. (
>                                 2002072200      ; Serial
>                                 3H      ; Refresh
>                                 3H      ; Retry
>                                 4W      ; Expire
>                                 3H )    ; Negative caching
> blackholes.stikman.com.         IN      NS      ns1.stikman.com.
> 133.184.33.4            IN      A       127.0.0.2
>
> How would I go about using the GENERATE command to create a range of
> records?  The IP number is in the reverse format.  The example above
> is 4.33.184.133, but I put the entry in as
> 133.184.33.44.blackholes.stikman.com which returns the IP of 127.0.0.2
> which will block any e-mail from that IP number.

For your example of 10.10.0/18, you could do
$generate  1-254  $.0.10.10  A  127.0.0.2
$generate  1-254  $.1.10.10  A  127.0.0.2
...
$generate  1-254  $.63.10.10  A  127.0.0.2

However, it might be clearer to use a wildcard where you are blocking an
entire octet.
*.0.10.10  A  127.0.0.2
*.1.10.10  A  127.0.0.2
...
*.63.10.10  A 127.0.0.2
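
Added example, not part of the original post: a Python sketch that combines the two suggestions above into one $GENERATE line with a wildcard owner per CIDR block, then checks which reversed-octet query names the result covers. The function names are hypothetical, and the CIDR must be written in full (10.10.0.0/18, not 10.10.0/18).

```python
import ipaddress

LISTED = "127.0.0.2"  # answer value used in the thread's zone file

def query_name(ip):
    """Owner name, relative to the zone origin, that a mail server looks up."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def dnsbl_records(cidr, answer=LISTED):
    """One zone-file line covering an IPv4 CIDR block in reversed-octet form."""
    net = ipaddress.IPv4Network(cidr)            # raises ValueError if host bits are set
    if net.prefixlen == 0:
        return f"* A {answer}"
    lo, hi = net.network_address.packed, net.broadcast_address.packed
    i = (net.prefixlen - 1) // 8                 # the octet that varies across the block
    suffix = "".join(f".{lo[j]}" for j in reversed(range(i)))
    lhs = ("*." if i < 3 else "") + "$" + suffix # wildcard stands in for the lower octets
    if lo[i] == hi[i]:                           # single value: a plain record is enough
        return f"{lhs.replace('$', str(lo[i]))} A {answer}"
    return f"$GENERATE {lo[i]}-{hi[i]} {lhs} A {answer}"

def expand(line):
    """Owner names a line from dnsbl_records() produces once $GENERATE is expanded."""
    parts = line.split()
    if parts[0] != "$GENERATE":
        return [parts[0]]
    start, stop = map(int, parts[1].split("-"))
    return [parts[2].replace("$", str(n)) for n in range(start, stop + 1)]

def is_listed(ip, owners):
    """True if the query name for ip matches an exact or wildcard owner."""
    name = query_name(ip)
    return any(name == o or (o[0] == "*" and ("." + name).endswith(o[1:]))
               for o in owners)

if __name__ == "__main__":
    for block in ("10.10.0.0/18", "10.10.192.0/19"):   # the two ranges from the question
        print(dnsbl_records(block))
```

Because the wildcard replaces the last octet, these records also answer for the .0 and .255 addresses in each /24, which a 1-254 range leaves out.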




