On Sat, Apr 10, 2010 at 01:08:16AM -0400, Joseph S D Yao wrote: ... > I strongly recommend that anyone wanting some degree of security use > look at the lists of IPv4 networks in RFC 5735/6/7 and the list of IPv6 > networks in RFC 5156. Decide which of those networks you want to block > or blackhole. ...
OBTW, glancing around the Web on the Internet, it looks like a lot of folks don't realize that option { blackhole{} } cuts both ways. Nobody can query from those IP addresses, but you can't query into those IP addresses. I saw a serious proposal to blackhole the root IP addresses so that queries to the root might be reduced - presumably on a recursive resolver. -- /*********************************************************************\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*********************************************************************/ _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users