GENERATE Command

Jeff Grossman jeff at stikman.com
Mon Dec 30 04:38:25 UTC 2002



"Mark Damrose" <mdamrose at elgin.cc.il.us> wrote:

>"Jeff Grossman" <jeff at stikman.com> wrote in message
>news:auo2rl$8h6i$1 at isrv4.isc.org...
>>
>> Doug Barton <DougB at DougBarton.net> wrote:
>>
>> >
>> >On Fri, 27 Dec 2002, Jeff Grossman wrote:
>> >
>> >>
>> >> I have my own DNS zone set up as a blackhole zone for IP numbers I do
>> >> not want to receive e-mail from.
>> >
>> >This doesn't sound like a problem that DNS is the ideal solution for, but
>> >it's your time to spend.
>> >
>>
>> I guess you don't use RBL DNS zones.  For an e-mail server, this is a
>> great method of blocking unwanted IP numbers.
>>
>> >> So far I have only been using single IP addresses which point to an A
>> >> record of 127.0.0.2.  But, now I want to block a whole range of
>> >> addresses.  I have looked at the Bind ARM manual, and found the GENERATE
>> >> command.  But, I need some help.  How would I go about blocking a range
>> >> like 10.10.192/19 and 10.10.0/18?
>> >
>> >Unless I'm missing something, you'd need zone entries in named.conf for
>> >each of the /24's. You could point them all to the same zone file though.
>> >http://dougbarton.net/bind-users/FAQ.html#SameFile
>>
>> Here is a copy of the beginning of my zone file:
>>
>> $TTL 3H
>> blackholes.stikman.com. IN      SOA     ns1.stikman.com. webmaster.stikman.com. (
>>                                 2002072200      ; Serial
>>                                 3H      ; Refresh
>>                                 3H      ; Retry
>>                                 4W      ; Expire
>>                                 3H )    ; Negative caching
>> blackholes.stikman.com.         IN      NS      ns1.stikman.com.
>> 133.184.33.4            IN      A       127.0.0.2
>>
>> How would I go about using the GENERATE command to create a range of
>> records?  The IP number is in the reverse format.  The example above
>> is 4.33.184.133, but I put the entry in as
>> 133.184.33.44.blackholes.stikman.com which returns the IP of 127.0.0.2
>> which will block any e-mail from that IP number.
>
>For your example of 10.10.0/18, you could do
>$generate  1-254  $.0.10.10  A  127.0.0.2
>$generate  1-254  $.1.10.10  A  127.0.0.2
>...
>$generate  1-254  $.63.10.10  A  127.0.0.2
>
>However, it might be clearer to use a wildcard where you are blocking an
>entire octet.
>*.0.10.10  A  127.0.0.2
>*.1.10.10  A  127.0.0.2
>...
>*.63.10.10  A 127.0.0.2
>
>
>
I was not aware that you could use wildcards like that.  Thanks for
that information.  I will give it a try.  One more question.  In my
examples, what IP range is the 10.10.192/19 and 10.10.0/18?  I am
still having some trouble figuring out what the /## means.

Thanks,
Jeff
-- 
Jeff Grossman (jeff at stikman.com)
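
Added example, not part of the original thread: the /NN is the number of leading bits that are fixed, so 10.10.0/18 spans 10.10.0.0 through 10.10.63.255 and 10.10.192/19 spans 10.10.192.0 through 10.10.223.255. The Python sketch below expands such a block into the per-/24 wildcard lines suggested in the reply, and goes one step further by emitting a $GENERATE line for blocks smaller than a /24; the function names and the 192.0.2.64/26 sample are assumptions made for illustration.

```python
import ipaddress

def parse_block(cidr):
    """Parse a CIDR block, accepting the thread's shorthand such as '10.10.192/19'."""
    addr, _, plen = cidr.partition("/")
    if not plen:
        raise ValueError("prefix length required, e.g. 10.10.0/18")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))          # pad omitted trailing octets
    # strict=True rejects a base address that is not on the prefix boundary
    return ipaddress.IPv4Network(".".join(octets) + "/" + plen, strict=True)

def dnsbl_records(cidr, answer="127.0.0.2"):
    """Return (first_ip, last_ip, zone_lines) for one block of a reversed-octet DNSBL zone."""
    net = parse_block(cidr)
    a, b, c, d = str(net.network_address).split(".")
    lines = []
    if net.prefixlen <= 24:
        # One wildcard per /24, as in the reply: *.<3rd octet>.<2nd>.<1st>
        for sub in net.subnets(new_prefix=24):
            a, b, c, _ = str(sub.network_address).split(".")
            lines.append(f"*.{c}.{b}.{a}\tA\t{answer}")
    else:
        # Smaller than a /24: a wildcard would over-block, so list only these hosts
        last = str(net.broadcast_address).split(".")[3]
        lines.append(f"$GENERATE {d}-{last} $.{c}.{b}.{a}\tA\t{answer}")
    return str(net.network_address), str(net.broadcast_address), lines

if __name__ == "__main__":
    # Blocks from the thread plus one constructed sub-/24 sample
    for block in ("10.10.0/18", "10.10.192/19", "192.0.2.64/26"):
        first, last, lines = dnsbl_records(block)
        print(f"; {block} = {first} - {last} ({len(lines)} line(s))")
        print("\n".join(lines))
```

The emitted names are relative, so they belong in a zone file whose origin is the blackhole zone itself.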

