jeff at stikman.com
Mon Dec 30 04:38:25 UTC 2002
"Mark Damrose" <mdamrose at elgin.cc.il.us> wrote:
>"Jeff Grossman" <jeff at stikman.com> wrote in message
>news:auo2rl$8h6i$1 at isrv4.isc.org...
>> Doug Barton <DougB at DougBarton.net> wrote:
>> >On Fri, 27 Dec 2002, Jeff Grossman wrote:
>> >> I have my own DNS zone set up as a blackhole zone for IP numbers I do
>> >> not want to receive e-mail from.
>> >This doesn't sound like a problem that DNS is the ideal solution for, but
>> >it's your time to spend.
>> I guess you don't use RBL DNS zones. For an e-mail server, this is a
>> great method of blocking unwanted IP numbers.
>> >> So far I have only been using single IP addresses which point to an A
>> >> record of 127.0.0.2. But, now I want to block a whole range of
>> >> addresses. I have looked at the Bind ARM manual, and found the
>> >> command. But, I need some help. How would I go about blocking a range
>> >> like 10.10.192/19 and 10.10.0/18?
>> >Unless I'm missing something, you'd need zone entries in named.conf for
>> >each of the /24's. You could point them all to the same zone file though.
>> Here is a copy of the beginning of my zone file:
>> $TTL 3H
>> blackholes.stikman.com. IN SOA ns1.stikman.com.
>> n.com. (
>> 2002072200 ; Serial
>> 3H ; Refresh
>> 3H ; Retry
>> 4W ; Expire
>> 3H ) ; Negative caching
>> blackholes.stikman.com. IN NS ns1.stikman.com.
>> 220.127.116.11 IN A 127.0.0.2
>> How would I go about using the GENERATE command to create a range of
>> records? The IP number is in the reverse format. The example above
>> is 18.104.22.168, but I put the entry in as
>> 22.214.171.124.blackholes.stikman.com which returns the IP of 127.0.0.2
>> which will block any e-mail from that IP number.
>For your example of 10.10.0/18, you could do
>$generate 1-254 $.0.10.10 A 127.0.0.2
>$generate 1-254 $.1.10.10 A 127.0.0.2
>$generate 1-254 $.63.10.10 A 127.0.0.2
>However, it might be clearer to use a wildcard where you are blocking an
>*.0.10.10 A 127.0.0.2
>*.1.10.10 A 127.0.0.2
>*.63.10.10 A 127.0.0.2
I was not aware that you could use wildcards like that. Thanks for
that information. I will give it a try. One more question. In my
examples, what IP range is the 10.10.192/19 and 10.10.0/18? I am
still having some trouble figuring out what the /## mean.
Jeff Grossman (jeff at stikman.com)
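Added example, not part of the original message or of BIND: the CIDR arithmetic asked about above, worked in Python. It computes the first and last address of 10.10.192/19 and 10.10.0/18 and emits the per-/24 wildcard records in the reversed-octet form used in this thread. The function names, and the padding of the shorthand 10.10.192/19 to 10.10.192.0/19, are assumptions of this example.

```python
import ipaddress

def parse_cidr(cidr):
    """Parse a CIDR block, padding thread-style shorthand like 10.10.192/19."""
    addr, _, plen = cidr.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))      # 10.10.192 -> 10.10.192.0
    # strict=True rejects blocks whose host bits are set (e.g. 10.10.1.0/18)
    return ipaddress.IPv4Network(".".join(octets) + "/" + plen, strict=True)

def cidr_range(cidr):
    """Return (first, last) address covered by the block.
    /N fixes the top N bits; the remaining 32-N bits take every value."""
    net = parse_cidr(cidr)
    return str(net.network_address), str(net.broadcast_address)

def reversed_name(addr, wildcard=False):
    """Owner name relative to the blackhole zone: octets reversed."""
    a, b, c, d = str(addr).split(".")
    return f"*.{c}.{b}.{a}" if wildcard else f"{d}.{c}.{b}.{a}"

def dnsbl_records(cidr, answer="127.0.0.2"):
    """One wildcard record per /24 in the block; blocks smaller than a /24
    are listed host by host, since a wildcard would cover too much."""
    net = parse_cidr(cidr)
    if net.prefixlen > 24:
        return [f"{reversed_name(h)} IN A {answer}" for h in net]
    return [f"{reversed_name(s.network_address, wildcard=True)} IN A {answer}"
            for s in net.subnets(new_prefix=24)]

if __name__ == "__main__":
    for block in ("10.10.192/19", "10.10.0/18"):   # the ranges asked about
        first, last = cidr_range(block)
        recs = dnsbl_records(block)
        print(f"; {block}: {first} - {last} ({len(recs)} x /24)")
        print("\n".join(recs))
```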