Implementing the bogon list

Kevin Oberman oberman at es.net
Fri Apr 9 21:23:15 UTC 2010


> Date: Fri, 9 Apr 2010 16:27:38 -0400
> From: Alex <mysqlstudent at gmail.com>
> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
> 
> Hi,
> 
> I'm interested in implementing an updated Cymru bogon list, but would
> like some examples on how best to do this. Much of my searching has
> resulted in old configurations that weren't complete and seemed to
> contain errors.
> 
> Where is the best place to go to find a template on how best to do
> this? I understand it's a combination of creating a zone with the IP
> ranges in an ACL, but which IPs should actually go in that ACL? There
> is a list of four or five different sets here:
> 
> http://www.cymru.com/Documents/bogon-dd.html
> 
> Is there an actual zone file with the contents of these IPs, or is it
> all implemented by listing them in the ACL in named.conf?
> 
> Once I've implemented it in bind, could it then be used somehow at
> smtp connect time to reject spoofed connections? How exactly do you
> use it?

The FreeBSD default configuration does this, though it does not include
unassigned space as it will get assigned soon.

You can see the config at:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/etc/namedb/named.conf?rev=1.31;content-type=text%2Fplain

You can add the unassigned space to those fairly easily, but make sure
that you update it as space is assigned.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
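
An added example, not part of the original thread and not taken from the FreeBSD configuration: a small generator that turns a prefix-per-line bogon list into a named.conf acl, so the acl can be regenerated whenever space is assigned. It assumes an IPv4 list with `#` comments; the acl name `bogons`, the `local_nets` parameter and the sample prefixes are constructed for illustration.

```python
import ipaddress

# Constructed sample in a one-prefix-per-line layout; these are well-known
# reserved ranges, not a current bogon feed.
SAMPLE_LIST = """\
# constructed sample
0.0.0.0/8
10.0.0.0/8
172.16.0.0/12
192.0.2.0/24
192.168.0.0/16
198.51.100.0/24
203.0.113.0/24
224.0.0.0/3
not-a-prefix
"""

def parse_prefixes(text):
    """Return (valid networks, rejected lines) from a prefix-per-line list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line))  # rejects host bits set
        except ValueError:
            rejected.append(raw)
    return nets, rejected

def build_acl(text, local_nets=(), name="bogons"):
    """Render a named.conf acl, carving out prefixes this site really uses."""
    nets, rejected = parse_prefixes(text)
    for local in map(ipaddress.ip_network, local_nets):
        carved = []
        for net in nets:
            if not net.overlaps(local):
                carved.append(net)
            elif local.subnet_of(net) and local != net:
                carved.extend(net.address_exclude(local))
            # otherwise net lies inside (or equals) local: drop it entirely
        nets = carved
    merged = list(ipaddress.collapse_addresses(nets))
    body = "".join(f"    {n};\n" for n in merged)
    return f'acl "{name}" {{\n{body}}};\n', merged, rejected

if __name__ == "__main__":
    print(build_acl(SAMPLE_LIST, local_nets=["10.20.0.0/16"])[0])
```

The rendered acl can be referenced from an address match list in named.conf, for example the `blackhole` option; carving out locally used private space first keeps internal clients from being dropped.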


