GENERATE Command

Mark_Andrews at isc.org Mark_Andrews at isc.org
Mon Dec 30 02:22:18 UTC 2002


> "Jeff Grossman" <jeff at stikman.com> wrote in message
> news:auo2rl$8h6i$1 at isrv4.isc.org...
> >
> > Doug Barton <DougB at DougBarton.net> wrote:
> >
> > >
> > >On Fri, 27 Dec 2002, Jeff Grossman wrote:
> > >
> > >>
> > >> I have my own DNS zone setup as a blackhole zone for IP numbers I do
> > >> not want to receive e-mail from.
> > >
> > >This doesn't sound like a problem that DNS is the ideal solution for, but
> > >it's your time to spend.
> > >
> >
> > I guess you don't use RBL DNS zones.  For an e-mail server, this is a
> > great method of blocking unwanted IP numbers.
> >
> > >> So far I have only been using single IP address which point to an A
> > >> record of 127.0.0.2.  But, now I want to block a whole range of
> > >> addresses.  I have looked at the Bind ARM manual, and found the GENERATE
> > >> command.  But, I need some help.  How would I go about blocking a range
> > >> like 10.10.192/19 and 10.10.0/18?
> > >
> > >Unless I'm missing something, you'd need zone entries in named.conf for
> > >each of the /24's. You could point them all to the same zone file though.
> > >http://dougbarton.net/bind-users/FAQ.html#SameFile
> >
> > Here is a copy of the beginning of my zone file:
> >
> > $TTL 3H
> > blackholes.stikman.com. IN      SOA     ns1.stikman.com. webmaster.stikman.com. (
> >                                 2002072200      ; Serial
> >                                 3H      ; Refresh
> >                                 3H      ; Retry
> >                                 4W      ; Expire
> >                                 3H )    ; Negative caching
> > blackholes.stikman.com.         IN      NS      ns1.stikman.com.
> > 133.184.33.4            IN      A       127.0.0.2
> >
> > How would I go about using the GENERATE command to create a range of
> > records?  The IP number is in the reverse format.  The example above
> > is 4.33.184.133, but I put the entry in as
> > 133.184.33.44.blackholes.stikman.com which returns the IP of 127.0.0.2
> > which will block any e-mail from that IP number.
> 
> For your example of 10.10.0/18, you could do
> $generate  1-254  $.0.10.10  A  127.0.0.2
> $generate  1-254  $.1.10.10  A  127.0.0.2
> ...
> $generate  1-254  $.63.10.10  A  127.0.0.2

	The ranges above should be 0-255.  0 and 255 are perfectly
	allowed in the last octet of host addresses even in the old
	class C address space under CIDR.

> However, it might be clearer to use a wildcard where you are blocking an
> entire octet.
> *.0.10.10  A  127.0.0.2
> *.1.10.10  A  127.0.0.2
> ...
> *.63.10.10  A 127.0.0.2

	Or use both.

	$GENERATE  0-63	*.$.10.10  A  127.0.0.2

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
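
The following is an added example, not part of the original message or of BIND: a Python helper that turns an IPv4 CIDR block into the wildcard and `$GENERATE` lines discussed in this thread, generalized to any prefix length. The function name `dnsbl_records` and the default answer `127.0.0.2` (taken from the zone file quoted above) are assumptions of the example.

```python
import ipaddress


def dnsbl_records(cidr, answer="127.0.0.2"):
    """Return zone-file lines that list every address in an IPv4 CIDR block.

    Owner names are relative to the blacklist zone origin and use the
    reversed-octet form shown in the thread (4.33.184.133 -> 133.184.33.4).
    """
    # strict=True rejects blocks with host bits set, e.g. 10.10.1.0/18
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 only")
    if net.prefixlen == 0:
        return [f"* A {answer}"]

    octets = net.network_address.packed
    idx = (net.prefixlen - 1) // 8                # octet in which the prefix ends
    span = 1 << (8 * (idx + 1) - net.prefixlen)   # values covered in that octet
    lo = octets[idx]
    hi = lo + span - 1

    # Octets above the varying one, reversed to match the query name order.
    parent = ".".join(str(o) for o in reversed(octets[:idx]))
    suffix = f".{parent}" if parent else ""
    # A wildcard matches one or more labels, so "*." covers all lower octets.
    star = "*." if idx < 3 else ""

    if span == 1:
        return [f"{star}{lo}{suffix} A {answer}"]
    return [f"$GENERATE {lo}-{hi} {star}${suffix} A {answer}"]


if __name__ == "__main__":
    # The two ranges asked about in the thread, written as full networks.
    for block in ("10.10.0.0/18", "10.10.192.0/19"):
        print("\n".join(dnsbl_records(block)))
```
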

