GENERATE Command
Mark Damrose
mdamrose at elgin.cc.il.us
Mon Dec 30 01:45:04 UTC 2002
"Jeff Grossman" <jeff at stikman.com> wrote in message
news:auo2rl$8h6i$1 at isrv4.isc.org...
>
> Doug Barton <DougB at DougBarton.net> wrote:
>
> >
> >On Fri, 27 Dec 2002, Jeff Grossman wrote:
> >
> >>
> >> I have my own DNS zone setup as a blackhole zone for IP numbers I do
> >> not want to receive e-mail from.
> >
> >This doesn't sound like a problem that DNS is the ideal solution for, but
> >it's your time to spend.
> >
>
> I guess you don't use RBL DNS zones. For an e-mail server, this is a
> great method of blocking unwanted IP numbers.
>
> >> So far I have only been using single IP address which point to an A
> >> record of 127.0.0.2. But, now I want to block a whole range of
> >> addresses. I have looked at the Bind ARM manual, and found the GENERATE
> >> command. But, I need some help. How would I go about blocking a range
> >> like 10.10.192/19 and 10.10.0/18?
> >
> >Unless I'm missing something, you'd need zone entries in named.conf for
> >each of the /24's. You could point them all to the same zone file though.
> >http://dougbarton.net/bind-users/FAQ.html#SameFile
>
> Here is a copy of the beginning of my zone file:
>
> $TTL 3H
> blackholes.stikman.com. IN SOA ns1.stikman.com. webmaster.stikman.com. (
> 2002072200 ; Serial
> 3H ; Refresh
> 3H ; Retry
> 4W ; Expire
> 3H ) ; Negative caching
> blackholes.stikman.com. IN NS ns1.stikman.com.
> 133.184.33.4 IN A 127.0.0.2
>
> How would I go about using the GENERATE command to create a range of
> records? The IP number is in the reverse format. The example above
> is 4.33.184.133, but I put the entry in as
> 133.184.33.44.blackholes.stikman.com which returns the IP of 127.0.0.2
> which will block any e-mail from that IP number.

For your example of 10.10.0/18, you could do

$generate 1-254 $.0.10.10 A 127.0.0.2
$generate 1-254 $.1.10.10 A 127.0.0.2
...
$generate 1-254 $.63.10.10 A 127.0.0.2

However, it might be clearer to use a wildcard where you are blocking an
entire octet.

*.0.10.10 A 127.0.0.2
*.1.10.10 A 127.0.0.2
...
*.63.10.10 A 127.0.0.2
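
Added example (not part of the original message, and not BIND's own tooling): a Python helper that expands an IPv4 CIDR block into the wildcard or $GENERATE lines described above, plus a check that a given address falls inside the result. It assumes full dotted-quad input such as 10.10.192.0/19; the function names are illustrative, and whole /24s in $GENERATE form are written as 0-255 so every address in the block is listed.

```python
import ipaddress

def dnsbl_lines(cidr, answer="127.0.0.2", wildcard=True):
    """Zone-file lines, relative to the DNSBL zone origin, that list every
    address in an IPv4 CIDR block (octets reversed, as in the zone above)."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("IPv4 only")
    if net.prefixlen > 24:
        # Only part of one /24: enumerate just the last-octet range.
        a, b, c, lo = net.network_address.packed
        hi = net.broadcast_address.packed[3]
        if lo == hi:  # a /32 needs a plain record, not a range
            return [f"{lo}.{c}.{b}.{a} A {answer}"]
        return [f"$GENERATE {lo}-{hi} $.{c}.{b}.{a} A {answer}"]
    lines = []
    for sub in net.subnets(new_prefix=24):  # a /24 yields itself
        a, b, c, _ = sub.network_address.packed
        if wildcard:
            lines.append(f"*.{c}.{b}.{a} A {answer}")
        else:  # assumption: 0-255 covers the whole /24
            lines.append(f"$GENERATE 0-255 $.{c}.{b}.{a} A {answer}")
    return lines

def listed(ip, lines):
    """True if the generated lines would answer a lookup for ip."""
    a, b, c, d = ipaddress.IPv4Address(ip).packed
    for line in lines:
        f = line.split()
        if f[0] == "$GENERATE":
            lo, hi = map(int, f[1].split("-"))
            if f[2] == f"$.{c}.{b}.{a}" and lo <= d <= hi:
                return True
        elif f[0] in (f"*.{c}.{b}.{a}", f"{d}.{c}.{b}.{a}"):
            return True
    return False

if __name__ == "__main__":
    for line in dnsbl_lines("10.10.192.0/19"):
        print(line)
```

Running listed() against the first address just outside the block (10.10.64.0 for 10.10.0.0/18) is a quick way to confirm the zone does not block more than intended.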