GENERATE Command
Jeff Grossman
jeff at stikman.com
Mon Dec 30 04:41:06 UTC 2002
Mark_Andrews at isc.org wrote:
>
>> "Jeff Grossman" <jeff at stikman.com> wrote in message
>> news:auo2rl$8h6i$1 at isrv4.isc.org...
>> >
>> > Doug Barton <DougB at DougBarton.net> wrote:
>> >
>> > >
>> > >On Fri, 27 Dec 2002, Jeff Grossman wrote:
>> > >
>> > >>
>> > >> I have my own DNS zone setup as a blackhole zone for IP numbers I do
>> > >> not want to receive e-mail from.
>> > >
>> > >This doesn't sound like a problem that DNS is the ideal solution for, but
>> > >it's your time to spend.
>> > >
>> >
>> > I guess you don't use RBL DNS zones. For an e-mail server, this is a
>> > great method of blocking unwanted IP numbers.
>> >
>> > >> So far I have only been using single IP address which point to an A
>> > >> record of 127.0.0.2. But, now I want to block a whole range of
>> > >> addresses. I have looked at the Bind ARM manual, and found the GENERATE
>> > >> command. But, I need some help. How would I go about blocking a range
>> > >> like 10.10.192/19 and 10.10.0/18?
>> > >
>> > >Unless I'm missing something, you'd need zone entries in named.conf for
>> > >each of the /24's. You could point them all to the same zone file though.
>> > >http://dougbarton.net/bind-users/FAQ.html#SameFile
>> >
>> > Here is a copy of the beginning of my zone file:
>> >
>> > $TTL 3H
>> > blackholes.stikman.com. IN SOA ns1.stikman.com. webmaster.stikman.com. (
>> > 2002072200 ; Serial
>> > 3H ; Refresh
>> > 3H ; Retry
>> > 4W ; Expire
>> > 3H ) ; Negative caching
>> > blackholes.stikman.com. IN NS ns1.stikman.com.
>> > 133.184.33.4 IN A 127.0.0.2
>> >
>> > How would I go about using the GENERATE command to create a range of
>> > records? The IP number is in the reverse format. The example above
>> > is 4.33.184.133, but I put the entry in as
>> > 133.184.33.44.blackholes.stikman.com which returns the IP of 127.0.0.2
>> > which will block any e-mail from that IP number.
>>
>> For your example of 10.10.0/18, you could do
>> $generate 1-254 $.0.10.10 A 127.0.0.2
>> $generate 1-254 $.1.10.10 A 127.0.0.2
>> ...
>> $generate 1-254 $.63.10.10 A 127.0.0.2
>
> The ranges above should be 0-255. 0 and 255 are perfectly
> allowed in the last octet of host addresses even in the old
> class C address space under CIDR.
>
>> However, it might be clearer to use a wildcard where you are blocking an
>> entire octet.
>> *.0.10.10 A 127.0.0.2
>> *.1.10.10 A 127.0.0.2
>> ...
>> *.63.10.10 A 127.0.0.2
>
> Or use both.
>
> $GENERATE 0-63 *.$.10.10 A 127.0.0.2
>
> Mark
Thanks for the information, Mark. I think I understand the use of the
$GENERATE command now.
Jeff
p.s. I have the O'Reilly DNS and Bind 4th Edition book, but generate
was not listed. Was this command added after that book was written?
--
Jeff Grossman (jeff at stikman.com)
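
Added example, not part of the original thread: a Python helper that turns a CIDR block into the wildcard $GENERATE lines of the form Mark gives above, covering the 10.10.192/19 range from the original question as well, and then checks which addresses those lines list. The function names are hypothetical, and prefixes are written with four octets (10.10.192.0/19) because Python's ipaddress module requires that form.

```python
import ipaddress

ANSWER = "127.0.0.2"  # listing value used throughout the thread

def dnsbl_lines(cidr, answer=ANSWER):
    """Zone-file lines, relative to the DNSBL origin, listing every address in cidr."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects prefixes with host bits set
    if net.version != 4 or net.prefixlen < 8:
        raise ValueError("IPv4 prefixes /8 to /32 only")
    a, b, c, d = net.network_address.packed
    _, b_hi, c_hi, d_hi = net.broadcast_address.packed
    if net.prefixlen == 32:      # single address: plain A record, octets reversed
        return [f"{d}.{c}.{b}.{a} A {answer}"]
    if net.prefixlen > 24:       # part of one /24: iterate over the last octet
        return [f"$GENERATE {d}-{d_hi} $.{c}.{b}.{a} A {answer}"]
    if net.prefixlen == 24:      # exactly one /24: a single wildcard is enough
        return [f"*.{c}.{b}.{a} A {answer}"]
    # Shorter than /24: one wildcard per third octet, one line per second octet
    return [f"$GENERATE {c}-{c_hi} *.$.{b2}.{a} A {answer}"
            for b2 in range(b, b_hi + 1)]

def expand(lines):
    """Owner names the lines create. Handles only the plain '$' iterator used in
    the thread, not the ${offset,width,base} modifiers."""
    owners = set()
    for line in lines:
        fields = line.split()
        if fields[0].upper() == "$GENERATE":
            lo, hi = map(int, fields[1].split("-"))
            owners.update(fields[2].replace("$", str(i)) for i in range(lo, hi + 1))
        else:
            owners.add(fields[0])
    return owners

def listed(ip, owners):
    """True if the reversed-octet query name for ip matches an owner or a wildcard."""
    labels = str(ipaddress.ip_address(ip)).split(".")[::-1]
    return ".".join(labels) in owners or "*." + ".".join(labels[1:]) in owners

if __name__ == "__main__":
    for block in ("10.10.0.0/18", "10.10.192.0/19"):  # the two ranges asked about
        print("\n".join(dnsbl_lines(block)))
```

The printed lines go into the blackholes zone file as they are, since the owner names are relative to the zone origin.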