Questions about "bogon" ACL entries to be added

Barry Margolin barmar at genuity.net
Mon Jan 7 23:16:24 UTC 2002


In article <a1d3oj$6lu at pub3.rc.vix.com>, O'Neil,Kevin <oneil at oclc.org> wrote:
>My thinking is that if a class A address is not delegated by the root
>servers and is not in a large BGP table (say from
>http://www.telstra.net/ops/bgp/bgp-active.html) then that address should be
>one included in the bogon ACL even though ARIN's database indicates that the
>address has been delegated to some entity.
>
>A couple of examples are:
>14.0.0.0/8;  //NET-PDN; not in in-addr.arpa zone and not in BGP table
>48.0.0.0/8;  //NET-PRUBACHE; not in in-addr.arpa zone and not in BGP table
>
>Should those (and several others) be added to the "bogon" ACL?  

I don't think reverse DNS is a good indication of whether a network block
is in use.  Many organizations don't bother to set up reverse DNS for their
networks (although you'd think that most owners of class A's would).

The BGP table is probably a better indication of which address blocks are
actually in use.

>Also there are a couple of class B addresses mentioned in RFC 2544 that seem
>to be reserved for test networks:
>198.18.0.0/16;  //NETBLK-NDTL;
>198.19.0.0/16;  //NETBLK-NDTL;
>
>Shouldn't those be candidates for "bogon"?
>
>
>Finally, there are 16 reserved class C addresses in the 192 range
>(NET-RESERVED-192*).  Those too?

All the RFC 1918 addresses should be considered bogus, unless you're using
them at your site.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
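The selection rule laid out in the reply above (trust the BGP table rather than reverse DNS for whether an allocated block is in use; always treat RFC 1918 space as bogus unless you use it yourself; include the RFC 2544 benchmarking range) can be turned into a small generator for a BIND `acl` block. The Python below is an added example, not part of the original post or of BIND; the "announced prefix" table in it is constructed for illustration and is not real routing data, and the constant and function names are my own. Note the caveat that follows the code: a static list like this rots as unallocated space is handed out.

```python
"""Build a BIND "bogon" ACL from candidate blocks plus reserved ranges.

Rule implemented (from the mailing-list reply):
  * RFC 1918 and RFC 2544 ranges are always bogus, unless used at this site;
  * an allocated-but-unrouted block (e.g. a class A absent from the BGP
    table) is a bogon candidate; reverse DNS is deliberately ignored.
"""
from __future__ import annotations

from ipaddress import IPv4Network
from typing import Iterable, List

# Reserved ranges the thread mentions.
RFC1918 = [IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC2544 = [IPv4Network("198.18.0.0/15")]  # covers 198.18.0.0/16 and 198.19.0.0/16

# CONSTRUCTED stand-in for a BGP table snapshot; not real routing data.
# 48.20.0.0/16 is included so that 48.0.0.0/8 is seen as "in use" below.
ANNOUNCED = [IPv4Network(p) for p in (
    "3.0.0.0/8",
    "12.0.0.0/8",
    "20.0.0.0/8",
    "48.20.0.0/16",
)]


def overlaps_table(block: IPv4Network, table: Iterable[IPv4Network]) -> bool:
    """True if any announced prefix lies inside, equals, or contains block."""
    return any(block.overlaps(p) for p in table)


def select_bogons(candidates: Iterable[str],
                  table: Iterable[IPv4Network],
                  local_private: Iterable[str] = ()) -> List[IPv4Network]:
    """Return the networks that belong in the bogon ACL, sorted.

    candidates    -- blocks that are allocated in a registry but look unused
    table         -- announced prefixes (the BGP snapshot)
    local_private -- RFC 1918 space this site actually uses; any reserved
                     range overlapping it is left OUT of the ACL
    """
    table = list(table)
    local = [IPv4Network(n) for n in local_private]
    chosen = set()

    # Reserved ranges: in unless we use them ourselves.
    for net in RFC1918 + RFC2544:
        if not any(net.overlaps(l) for l in local):
            chosen.add(net)

    # Unrouted candidates: in only if nothing inside them is announced.
    for cand in candidates:
        net = IPv4Network(cand)
        if not overlaps_table(net, table):
            chosen.add(net)

    return sorted(chosen)


def render_acl(name: str, networks: Iterable[IPv4Network]) -> str:
    """Render the list as a named.conf 'acl' statement."""
    lines = [f'acl "{name}" {{']
    lines.extend(f"    {net};" for net in networks)
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    # The two examples from the question, plus a site that uses 10.1.0.0/16.
    bogons = select_bogons(["14.0.0.0/8", "48.0.0.0/8"], ANNOUNCED,
                           local_private=["10.1.0.0/16"])
    print(render_acl("bogons", bogons))
```

With the constructed table, 14.0.0.0/8 is selected (nothing inside it is announced) while 48.0.0.0/8 is not, because one /16 inside it appears in the table; 10.0.0.0/8 is dropped because the site uses part of it. Whatever data you feed this, regenerate the ACL on a schedule: blocks that were unallocated or unrouted at the time of this thread have since been allocated and announced, and a bogon ACL that is not refreshed will silently block legitimate traffic.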