On Feb 26, 2010, at 9:54 AM, Diosney Sarmiento Herrera wrote:
Hi!
Sorry for the delay.
It was very useful for me. Thanks!
In our nameserver we do not apply the bogon filter to the bogus
addresses because they will change with time and we do not know how
to update them automatically.
My question is whether it is useful to blacklist the private address
range (these addresses never change with time ;) ) so our nameserver
will never respond to queries from these addresses.
I ask if this is useful because the private address range has no
meaning on the Internet.
Thanks!
--
Diosney

Re discarding queries from private space that came from the Internet:

Many sites would handle this at the routing level so as to protect
more than just bind, and to allow you to make use of private space
within your own network.

An access list on a router interface would assure none of your own
network receives packets from private space that actually originated
outside your network.

An app like bind can't sort out whether the packet with a source
address in private space came from your own network or came from the
Internet at large.

But if you've arranged things so this bind instance never receives
traffic from your own private space (e.g. if you aren't even using
private space), then you could certainly add such filtering to bind's
normal access list.

John
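
The BIND-side filtering described in the reply above, as an added example that is not part of the original thread. The ACL name `rfc1918` is chosen here for illustration, and the fragment assumes the condition John states: this server never legitimately receives traffic from private space.

```conf
// named.conf fragment (added example, not from the thread).
// Assumption: this BIND instance has no legitimate clients or forwarders
// in private space; if it does, filter at the router interface instead,
// because named cannot tell where a private-source packet really came from.

// "rfc1918" is an illustrative ACL name covering the RFC 1918 private ranges.
acl rfc1918 {
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
};

options {
    // blackhole: queries from these sources are dropped without a reply,
    // and the server will not send its own queries to these addresses.
    blackhole { rfc1918; };

    // Alternative that answers REFUSED instead of staying silent:
    // allow-query { !rfc1918; any; };
};
```

Running `named-checkconf` on the edited file checks the syntax before the server is reloaded.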