Zonefiles & CIDR

Darin derwood at naebunny.net
Mon Mar 9 03:38:48 UTC 2009


Stephen Ward wrote:
> Just a quick silly question.
>
> Running BIND9 (someone kindly raped to get it to work on windows) but it 
> does not seem to support CIDR ranges. I mostly use it to block unwanted 
> email by connecting IP (glorified reverse DNS).
>
> Rather than have to enter loads of lines to match up wide spans of ranges 
> I would like to define them using CIDR, but it seems it does not support 
> it.
>
> I'm probably being really thick - but is this so?!
>   
I do a similar thing with BIND in my network. I take IP ranges for 
certain countries and set up a blocklist using reverse format.  BIND 
will work with CIDR but in a very limited way.  Here's an example from my 
list:

*.82.77         IN A  127.0.0.3

The statement above will block a whole /16

*.191.79.77             IN A  127.0.0.3

The statement above will block a whole /24

So, you just have to set up your script to break things down by /8, /16, 
or /24.  That's about the best you can do. 

Darin -
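
One way to script the breakdown described in the reply above, as an added example that is not part of the original post: it splits each IPv4 CIDR range at the next octet boundary and emits one reversed-octet wildcard record per /8, /16 or /24. The function name, the sample ranges other than the two from the post, and the host records for prefixes longer than /24 are assumptions that go beyond what the post shows.

```python
import ipaddress


def cidr_to_records(cidrs, answer="127.0.0.3"):
    """Return zone-file lines (reversed-octet owner names) for IPv4 CIDRs."""
    nets = [ipaddress.IPv4Network(c, strict=False) for c in cidrs]
    lines = []
    # Collapse first: overlapping ranges would otherwise put a more specific
    # name underneath a broader wildcard, and the broad wildcard would then
    # stop matching the names in between.
    for net in ipaddress.collapse_addresses(nets):
        # Round the prefix length up to the next octet boundary: 8, 16, 24, 32.
        boundary = max(8, -(-net.prefixlen // 8) * 8)
        for sub in net.subnets(new_prefix=boundary):
            octets = str(sub.network_address).split(".")[: boundary // 8]
            owner = ".".join(reversed(octets))
            if boundary < 32:
                owner = "*." + owner  # wildcard covers the remaining octets
            lines.append(f"{owner}\tIN A\t{answer}")
    return lines


if __name__ == "__main__":
    # Constructed sample input; the first two ranges match the post's records.
    sample = ["77.82.0.0/16", "77.79.191.0/24", "77.79.188.0/22", "192.0.2.4/31"]
    for line in cidr_to_records(sample):
        print(line)
```

A /22 becomes four /24 wildcards and a /12 becomes sixteen /16 wildcards, so ranges that do not sit on an octet boundary are where the zone grows quickly.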



