GENERATE Command

Jeff Grossman jeff at stikman.com
Mon Dec 30 04:41:06 UTC 2002



Mark_Andrews at isc.org wrote:

>
>> "Jeff Grossman" <jeff at stikman.com> wrote in message
>> news:auo2rl$8h6i$1 at isrv4.isc.org...
>> >
>> > Doug Barton <DougB at DougBarton.net> wrote:
>> >
>> > >
>> > >On Fri, 27 Dec 2002, Jeff Grossman wrote:
>> > >
>> > >>
>> > >> I have my own DNS zone setup as a blackhole zone for IP numbers I do
>> > >> not want to receive e-mail from.
>> > >
>> > >This doesn't sound like a problem that DNS is the ideal solution for, but
>> > >it's your time to spend.
>> > >
>> >
>> > I guess you don't use RBL DNS zones.  For an e-mail server, this is a
>> > great method of blocking unwanted IP numbers.
>> >
>> > >> So far I have only been using single IP address which point to an A
>> > >> record of 127.0.0.2.  But, now I want to block a whole range of
>> > >> addresses.  I have looked at the Bind ARM manual, and found the GENERATE
>> > >> command.  But, I need some help.  How would I go about blocking a range
>> > >> like 10.10.192/19 and 10.10.0/18?
>> > >
>> > >Unless I'm missing something, you'd need zone entries in named.conf for
>> > >each of the /24's. You could point them all to the same zone file though.
>> > >http://dougbarton.net/bind-users/FAQ.html#SameFile
>> >
>> > Here is a copy of the beginning of my zone file:
>> >
>> > $TTL 3H
>> > blackholes.stikman.com. IN      SOA     ns1.stikman.com. webmaster.stikman.com. (
>> >                                 2002072200      ; Serial
>> >                                 3H      ; Refresh
>> >                                 3H      ; Retry
>> >                                 4W      ; Expire
>> >                                 3H )    ; Negative caching
>> > blackholes.stikman.com.         IN      NS      ns1.stikman.com.
>> > 133.184.33.4            IN      A       127.0.0.2
>> >
>> > How would I go about using the GENERATE command to create a range of
>> > records?  The IP number is in the reverse format.  The example above
>> > is 4.33.184.133, but I put the entry in as
>> > 133.184.33.44.blackholes.stikman.com which returns the IP of 127.0.0.2
>> > which will block any e-mail from that IP number.
>> 
>> For your example of 10.10.0/18, you could do
>> $generate  1-254  $.0.10.10  A  127.0.0.2
>> $generate  1-254  $.1.10.10  A  127.0.0.2
>> ...
>> $generate  1-254  $.63.10.10  A  127.0.0.2
>
>	The ranges above should be 0-255.  0 and 255 are perfectly
>	allowed in the last octet of host addresses even in the old
>	class C address space under CIDR.
>
>> However, it might be clearer to use a wildcard where you are blocking an
>> entire octet.
>> *.0.10.10  A  127.0.0.2
>> *.1.10.10  A  127.0.0.2
>> ...
>> *.63.10.10  A 127.0.0.2
>
>	Or use both.
>
>	$GENERATE  0-63	*.$.10.10  A  127.0.0.2
>
>	Mark

Thanks for the information, Mark.  I think I understand the use of the
$GENERATE command now.

Jeff

p.s.  I have the O'Reilly DNS and Bind 4th Edition book, but generate
was not listed.  Was this command added after that book was written?
-- 
Jeff Grossman (jeff at stikman.com)
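
Added example, not part of the original thread: a small Python helper that turns an IPv4 CIDR block into the single record or $GENERATE line (wildcard form, as in Mark's reply) for a reversed-octet blackhole zone, plus a checker that expands the line to confirm which addresses it lists. The function names are hypothetical, and blocks must be written as full dotted quads (10.10.0.0/18, not 10.10.0/18).

```python
import ipaddress

def dnsbl_query_name(ip):
    """Reversed-octet name, relative to the zone origin, looked up for ip."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def dnsbl_line(cidr, rdata="127.0.0.2"):
    """Return one zone-file line that lists every address in an IPv4 block."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # ValueError if host bits set
    if net.prefixlen == 0:
        raise ValueError("refusing to list the whole IPv4 space")
    first, last = net.network_address.packed, net.broadcast_address.packed
    k = (net.prefixlen - 1) // 8             # octet that spans a range
    lo, hi = first[k], last[k]
    fixed = [str(o) for o in first[:k]]      # octets shared by the whole block
    labels = [] if k == 3 else ["*"]         # wildcard covers the lower octets
    labels += [str(lo) if lo == hi else "$"] + fixed[::-1]
    owner = ".".join(labels)
    if lo == hi:
        return f"{owner} IN A {rdata}"
    return f"$GENERATE {lo}-{hi} {owner} A {rdata}"

def line_covers(line, ip):
    """Expand a line produced by dnsbl_line() and report whether ip matches."""
    parts = line.split()
    if parts[0] == "$GENERATE":
        lo, hi = map(int, parts[1].split("-"))
        owners = [parts[2].replace("$", str(i)) for i in range(lo, hi + 1)]
    else:
        owners = [parts[0]]
    name = dnsbl_query_name(ip)
    return any(name.endswith(o[1:]) if o.startswith("*.") else name == o
               for o in owners)

if __name__ == "__main__":
    for block in ("10.10.0.0/18", "10.10.192.0/19"):  # ranges asked about
        print(dnsbl_line(block))
```

The printed lines go into the zone file after the NS record; the SOA serial has to be raised before reloading the zone.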

