Implementing the bogon list
Joseph S D Yao
jsdy at tux.org
Sat Apr 10 05:20:44 UTC 2010
On Sat, Apr 10, 2010 at 01:08:16AM -0400, Joseph S D Yao wrote:
...
> I strongly recommend that anyone wanting some degree of security use
> look at the lists of IPv4 networks in RFC 5735/6/7 and the list of IPv6
> networks in RFC 5156. Decide which of those networks you want to block
> or blackhole.
...
OBTW, glancing around the Web on the Internet, it looks like a lot of
folks don't realize that option { blackhole{} } cuts both ways. Nobody
can query from those IP addresses, but you can't query into those IP
addresses. I saw a serious proposal to blackhole the root IP addresses
so that queries to the root might be reduced - presumably on a recursive
resolver.
--
/*********************************************************************\
**
** Joe Yao jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/
More information about the bind-users
mailing list