Blacklisting private address range
Diosney Sarmiento Herrera
diosney.s at gmail.com
Fri Feb 26 14:54:37 UTC 2010
Hi!
Sorry for the delay.
It was very useful for me. Thanks!
In our nameserver we do not apply the bogon filter to the bogus
addresses because it will change with time and we not know how update
them automatically.
My question is that if it is useful to blacklist the private address
range(this addresses never change with time ;) ) so our nameserver will
never respond queries from this addresses.
I ask if this is usefull because the private address range don't have
meaning of sense in Internet.
Thanks!
--
Diosney
On Wed, 2010-02-24 at 02:30 -0700, Bill Larson wrote:
> On Feb 23, 2010, at 7:56 PM, Diosney Sarmiento Herrera wrote:
>
> > Hi!
> >
> > Have any sense to blacklist the private address ranges on a server
> > that is facing Internet? I mean, this address ranges is not even
> > routed
> > on the Internet.
> >
> > There is a trick about this?
>
> No trick, it is commonly done. For a good example of this (and many
> other things), see the Secure BIND Template at http://www.cymru.com/Documents/secure-bind-template.html
> .
>
> Bill Larson
More information about the bind-users
mailing list