Implementing the bogon list

Alex mysqlstudent at gmail.com
Sun Apr 11 05:44:11 UTC 2010


Hi,

> EMARKETINGHYPE :)  You still haven't specified what exactly you want to
> implement. ACLs? Empty zones for things that should not resolve?
> Something else? And more importantly, what is the _reason_ you're trying
> to do what you're trying to do?

Heh :-) Sure didn't mean that, but guess that's how it sounded :-)

I think primarily my interest is with integration with postfix and
email. Anything that I can do to reduce the amount of processing
required would help. I'm also just generally interested in learning
about it.

At the same time, I do understand that it doesn't do much good to
spoof an email that you'd like to actually have received, since it's
TCP, so I'm not sure how it applies. I still have to figure that out
:-)

>> Yes, that's why the zone transfer idea was so compelling to me, or
>> perhaps even a once-monthly rsync of the config file?
>
> This is where I continue to be confused. I have no idea what a zone
> transfer would accomplish in this context.

I understood that you could download the latest bogon list by querying the zone:

http://www.team-cymru.org/Services/Bogons/#dns

> It seems from other posts that you want to implement ACLs of some sort
> related to "bogons." My suggestion is that unless you have a really
> clear idea of a specific security goal that will be served by doing this
> that you don't do it.

I guess I understand that the primary use is to prohibit internal
networks from leaving the organization and some rogue external bogus
network from entering as it relates to routing and networking in
general, but I also thought it somehow related to SMTP, and that's
what I'd like to make sure.

Thanks so much.
Best regards,
Alex
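
An added example, not part of the original message or of any project mentioned in it: a check of the client addresses in Postfix `connect from` log lines against a bogon prefix list, to see whether bogon filtering would ever match SMTP traffic on a given server. The prefix list is a small constructed subset of well-known reserved ranges (not the Team Cymru list), the log lines are constructed, and the zone name `bogons.example` and the reversed-octet DNSBL-style query form are assumptions.

```python
import ipaddress
import re

# Constructed subset of reserved/private IPv4 ranges (RFC 1918, loopback,
# link-local, documentation nets, multicast). NOT the Team Cymru bogon list.
SAMPLE_BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]

# Postfix smtpd logs each inbound session as "connect from name[addr]".
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from (\S+)\[([0-9.]+)\]")

# Constructed sample log lines.
SAMPLE_LOG = [
    "Apr 11 05:40:01 mx postfix/smtpd[2101]: connect from unknown[10.1.2.3]",
    "Apr 11 05:40:07 mx postfix/smtpd[2102]: connect from mail.example.org[93.184.216.34]",
    "Apr 11 05:40:09 mx postfix/smtpd[2101]: disconnect from unknown[10.1.2.3]",
    "Apr 11 05:41:30 mx postfix/smtpd[2105]: connect from unknown[192.168.5.9]",
]


def is_bogon(addr, networks=SAMPLE_BOGONS):
    """True if addr falls inside any prefix of the given bogon list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def dns_query_name(addr, zone="bogons.example"):
    """Build a DNSBL-style lookup name: reversed octets plus the zone.

    The zone is a placeholder and the reversed-octet form is an assumption.
    """
    return ".".join(reversed(addr.split("."))) + "." + zone


def bogon_clients(log_lines, networks=SAMPLE_BOGONS):
    """Return (hostname, address) for each SMTP connect from a bogon source."""
    hits = []
    for line in log_lines:
        m = CONNECT_RE.search(line)
        if m and is_bogon(m.group(2), networks):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for host, addr in bogon_clients(SAMPLE_LOG):
        print(f"bogon SMTP client {host}[{addr}] -> {dns_query_name(addr)}")
```
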



More information about the bind-users mailing list