Blacklisting private address range

Diosney Sarmiento Herrera diosney.s at gmail.com
Fri Feb 26 14:54:37 UTC 2010


Hi!

  Sorry for the delay.

  It was very useful for me. Thanks!

  In our nameserver we do not apply the bogon filter to the bogus
addresses because it will change with time and we not know how update
them automatically.

  My question is that if it is useful to blacklist the private address
range(this addresses never change with time ;) ) so our nameserver will
never respond queries from this addresses.

  I ask if this is usefull because the private address range don't have
meaning of sense in Internet.

  Thanks!

-- 
          Diosney



On Wed, 2010-02-24 at 02:30 -0700, Bill Larson wrote: 
> On Feb 23, 2010, at 7:56 PM, Diosney Sarmiento Herrera wrote:
> 
> > Hi!
> >
> >    Have any sense to blacklist the private address ranges on a server
> > that is facing Internet? I mean, this address ranges is not even  
> > routed
> > on the Internet.
> >
> >    There is a trick about this?
> 
> No trick, it is commonly done.  For a good example of this (and many  
> other things), see the Secure BIND Template at http://www.cymru.com/Documents/secure-bind-template.html 
> .
> 
> Bill Larson




More information about the bind-users mailing list