On Sat, Apr 10, 2010 at 01:08:16AM -0400, Joseph S D Yao wrote:
...
> I strongly recommend that anyone wanting some degree of security use
> look at the lists of IPv4 networks in RFC 5735/6/7 and the list of IPv6
> networks in RFC 5156. Decide which of those networks you want to block
> or blackhole.
...
OBTW, glancing around the Web on the Internet, it looks like a lot of
folks don't realize that option { blackhole{} } cuts both ways. Nobody
can query from those IP addresses, but you can't query into those IP
addresses. I saw a serious proposal to blackhole the root IP addresses
so that queries to the root might be reduced - presumably on a recursive
resolver.
--
/*********************************************************************\
**
** Joe Yao j...@tux.org - Joseph S. D. Yao
**
\*********************************************************************/
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
