Implementing the bogon list

Stefan Schmidt zaphodb at zaphods.net
Fri Apr 9 20:44:28 UTC 2010


On 09.04.2010, at 22:32, Bryan Irvine wrote:

> I think that's really designed for router ACL's.

Not exclusively, hence http://www.cymru.com/Documents/secure-bind-template.html

> I'm not sure what you'd do with regards to BIND or even why you'd want
> to handle it there.

Well, for example, for a recursive nameserver it pays performance-wise
if BIND (or any other recursive nameserver) does not need to go out to
the world and try to reach 192.168.0.1 just because some idiot chose
this IP as his IN NS for some subdomain.

Alex,

you'll find the aggregated version of the bogon list at
http://www.cymru.com/Documents/bogon-bn-agg.txt

options {
	blackhole {
		# echo <bogons> |perl -nle 'print "\t\t$_;";'
                 0.0.0.0/8;
                 5.0.0.0/8;
                 10.0.0.0/8;
                 23.0.0.0/8;
                 31.0.0.0/8;
                 36.0.0.0/7;
                 39.0.0.0/8;
                 42.0.0.0/8;
                 49.0.0.0/8;
                 100.0.0.0/6;
                 104.0.0.0/7;
                 106.0.0.0/8;
                 127.0.0.0/8;
                 169.254.0.0/16;
                 172.16.0.0/12;
                 176.0.0.0/7;
                 179.0.0.0/8;
                 181.0.0.0/8;
                 185.0.0.0/8;
                 192.0.0.0/24;
                 192.0.2.0/24;
                 192.168.0.0/16;
                 198.18.0.0/15;
                 198.51.100.0/24;
                 203.0.113.0/24;
                 224.0.0.0/3;
	};
};

  Stefan
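
Added example (not part of the original post): a Python version of the step hinted at by the perl one-liner in the config comment, turning downloaded bogon-list text into a blackhole block while validating every line first. The function names and the sample list are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of an aggregated bogon list: one CIDR per
# line, with comment and blank lines. It is not the live Team Cymru file.
SAMPLE_BOGONS = """\
# constructed sample, not the real list
0.0.0.0/8
10.0.0.0/8

127.0.0.0/8
192.168.0.0/16
224.0.0.0/3
"""


def parse_bogons(text):
    """Return validated, collapsed IPv4 networks from bogon-list text.

    Raises ValueError on any line that is not a well-formed IPv4 prefix, so
    a truncated or tampered download never reaches named.conf.
    """
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            if "/" not in line:
                raise ValueError("missing prefix length")
            # strict=True rejects prefixes with host bits set (10.0.0.1/8)
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {raw!r}: {exc}") from None
        nets.append(net)
    if not nets:
        raise ValueError("no prefixes found; refusing to emit an empty list")
    # collapse_addresses merges adjacent or overlapping prefixes and sorts
    return list(ipaddress.collapse_addresses(nets))


def render_blackhole(nets):
    """Render a BIND blackhole statement for use inside options { ... };"""
    body = "".join(f"\t\t{net};\n" for net in nets)
    return "\tblackhole {\n" + body + "\t};\n"


if __name__ == "__main__":
    print("options {\n" + render_blackhole(parse_bogons(SAMPLE_BOGONS)) + "};")
```

Running named-checkconf on the generated file before reloading catches any remaining syntax problem.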


