On Feb 24, 2010, at 11:23 AM, Tony Finch wrote:

On Wed, 24 Feb 2010, Stephane Bortzmeyer wrote:
On Tue, Feb 23, 2010 at 09:56:55PM -0500,
Diosney Sarmiento Herrera <diosne...@gmail.com> wrote:

Does it make any sense to blacklist the private address ranges on a server
that is facing the Internet?

I am not sure I parse your sentence correctly, but maybe you are referring to
the "Rebinding prevention feature" which appeared in 9.7.0?

// a single statement inside options { }; the option cannot be repeated
deny-answer-addresses { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

We also do the following to stop BIND from trying to talk to name servers
in bogon address space:


Yes, but remember to be careful as to how you are using the term 'bogon' -- some folks include things like (currently) unassigned space in their definition of bogon, which is fine till the space gets allocated, at which time hilarity ensues.



server 0.0.0.0/8        { bogus yes; };
server 10.0.0.0/8       { bogus yes; };
server 127.0.0.0/8      { bogus yes; };
server 169.254.0.0/16   { bogus yes; };
server 172.16.0.0/12    { bogus yes; };
server 192.0.0.0/24     { bogus yes; };
server 192.0.2.0/24     { bogus yes; };
server 192.168.0.0/16   { bogus yes; };
server 198.18.0.0/15    { bogus yes; };
server 198.51.100.0/24  { bogus yes; };
server 203.0.113.0/24   { bogus yes; };
server 224.0.0.0/3      { bogus yes; };

Ok, fair 'nuff.

W



Tony.
--
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

--
"When it comes to glittering objects, wizards have all the taste and self-control of a deranged magpie."
-- Terry Pratchett
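
The caveat in the thread about "bogon" lists that include unassigned space can be checked mechanically. The following is an added example, not code from the thread or from BIND: it parses `server ... { bogus yes; };` statements and flags any prefix not wholly inside IANA special-purpose space. The `SPECIAL` table (taken from RFC 6890), the function names, and the two extra entries `5.0.0.0/8` and `192.0.0.0/16` in the sample are assumptions made for the illustration.

```python
import ipaddress
import re

# IANA special-purpose IPv4 blocks (RFC 6890), collapsed so adjacent blocks
# merge: 224.0.0.0/4 and 240.0.0.0/4 become the thread's 224.0.0.0/3.
SPECIAL = list(ipaddress.collapse_addresses(ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4")))

# Matches IPv4 `server <prefix> { bogus yes; };` statements only.
BOGUS_RE = re.compile(
    r"^\s*server\s+(\d+\.\d+\.\d+\.\d+/\d+)\s*\{\s*bogus\s+yes\s*;\s*\}\s*;", re.M)

# Constructed input: the prefixes from the thread, plus two made-up entries
# (5.0.0.0/8 and 192.0.0.0/16) of the kind a stale "bogon" list might carry.
SAMPLE_CONF = """
server 0.0.0.0/8        { bogus yes; };
server 10.0.0.0/8       { bogus yes; };
server 127.0.0.0/8      { bogus yes; };
server 169.254.0.0/16   { bogus yes; };
server 172.16.0.0/12    { bogus yes; };
server 192.0.0.0/24     { bogus yes; };
server 192.0.2.0/24     { bogus yes; };
server 192.168.0.0/16   { bogus yes; };
server 198.18.0.0/15    { bogus yes; };
server 198.51.100.0/24  { bogus yes; };
server 203.0.113.0/24   { bogus yes; };
server 224.0.0.0/3      { bogus yes; };
server 5.0.0.0/8        { bogus yes; };
server 192.0.0.0/16     { bogus yes; };
"""

def classify(net):
    # Wholly inside special-purpose space: no public name server lives there.
    if any(net.subnet_of(s) for s in SPECIAL):
        return "special-purpose"
    # Straddles a special block: the prefix is wider than the reserved range.
    if any(net.overlaps(s) for s in SPECIAL):
        return "partly-routable"
    return "routable"

def audit(conf):
    nets = (ipaddress.IPv4Network(p) for p in BOGUS_RE.findall(conf))
    return {str(n): classify(n) for n in nets}

def risky(conf):
    # Entries that would stop BIND querying servers in routable space.
    return [p for p, kind in audit(conf).items() if kind != "special-purpose"]
```

Calling `risky()` on a real `named.conf` before each deployment catches entries that were added as "unassigned" and have since become, or always were, ordinary unicast space.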



