Implementing the bogon list

Alex mysqlstudent at gmail.com
Sat Apr 10 03:50:20 UTC 2010


Hi,

> Let's be clear on what "this" is please, since I don't think the OP's
> post was clear about what he wanted to implement. :)

I'm really interested in security, reducing resources, and making sure
the server is current with today's standards. I'd like to make sure
it's properly set up and there aren't any configuration errors and
that anything I can do to improve its overall performance is being
done.

> In any case, I welcome comments and suggestions on improving this config.
>
>> You can see the config at:
>> http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/etc/namedb/named.conf?rev=1.31;content-type=text%2Fplain

It's very good, but I think it also depends on what you're trying to
achieve. I'm not sure of the scope. Since it's already not a "named
start" and be done with it, maybe it can include more comprehensive
examples.

Maybe a separate "bogons.conf" that's included in the named.conf to
make it a bit easier to read and less involved?

How about using examples for "classless" ARPA networks? How about
pointers to where to go next for things like, say, DNSSEC and key
generation?

>> You can add the unassigned space to those fairly easily, but make sure
>> that you update it as space is assigned.
>
> Yes, this is worth saying again, and I agree with it (again). :)

Yes, that's why the zone transfer idea was so compelling to me, or
perhaps even a once-monthly rsync of the config file?

Thanks,
Alex
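
Added example (not part of the original message, and not code from FreeBSD or ISC): one way to generate the separate "bogons.conf" suggested above from a prefix list, so a scheduled refresh only has to rewrite one included file. The prefix list, the empty zone file path and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: RFC 1918 private space plus TEST-NET-1 (RFC 5737).
SAMPLE_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.0/24"]

# Assumption: one shared, empty zone file (SOA and NS records only) at this path.
EMPTY_ZONE_FILE = "master/empty.db"


def reverse_zones(prefix):
    """Return the in-addr.arpa zone names needed to cover an IPv4 prefix."""
    net = ipaddress.ip_network(prefix)  # raises ValueError if host bits are set
    if net.version != 4:
        raise ValueError(f"{prefix}: only IPv4 is handled here")
    if net.prefixlen > 24:
        raise ValueError(f"{prefix}: longer than /24, needs RFC 2317 classless delegation")
    # Reverse zones exist only on octet boundaries, so round the prefix length
    # up to /8, /16 or /24 and emit one zone per resulting block.
    aligned = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for block in net.subnets(new_prefix=aligned):
        octets = str(block.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def render_bogons_conf(prefixes, zone_file=EMPTY_ZONE_FILE):
    """Build the text of bogons.conf: one locally served empty zone per name."""
    seen = set()
    lines = ["// Generated file. Pull it in from named.conf with: include \"bogons.conf\";"]
    for prefix in prefixes:
        for zone in reverse_zones(prefix):
            if zone in seen:  # overlapping prefixes must not produce duplicate zones
                continue
            seen.add(zone)
            lines.append(f'zone "{zone}" {{ type master; file "{zone_file}"; }};')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_bogons_conf(SAMPLE_PREFIXES), end="")
```

Running named-checkconf against the result before reloading catches a bad regeneration, and prefixes should be dropped from the input list as the space is assigned.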



More information about the bind-users mailing list