On 09.04.2010, at 22:32, Bryan Irvine wrote:
I think that's really designed for router ACL's.
Not exclusively, hence http://www.cymru.com/Documents/secure-bind-template.html
I'm not sure what you'd do with regards to BIND or even why you'd want to handle it there.
Well, for example for a recursive nameserver it pays performancewise if BIND (or any other recursive nameserver) does not need to go out to the world an try to reach 192.168.0.1 just because some idiot chose this IP as his IN NS for some subdomain.
Alex, you'll find the aggregated version of the bogon list at http://www.cymru.com/Documents/bogon-bn-agg.txt options { blackhole { # echo <bogons> |perl -nle 'print "\t\t$_;";' 0.0.0.0/8; 5.0.0.0/8; 10.0.0.0/8; 23.0.0.0/8; 31.0.0.0/8; 36.0.0.0/7; 39.0.0.0/8; 42.0.0.0/8; 49.0.0.0/8; 100.0.0.0/6; 104.0.0.0/7; 106.0.0.0/8; 127.0.0.0/8; 169.254.0.0/16; 172.16.0.0/12; 176.0.0.0/7; 179.0.0.0/8; 181.0.0.0/8; 185.0.0.0/8; 192.0.0.0/24; 192.0.2.0/24; 192.168.0.0/16; 198.18.0.0/15; 198.51.100.0/24; 203.0.113.0/24; 224.0.0.0/3; } } Stefan _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users