[dns-operations] DEV TLD?
Tony Finch
dot at dotat.at
Fri Sep 11 09:02:20 UTC 2015
Paul Vixie <paul at redbarn.org> wrote:
>
> i know i don't like being fooled into sending queries to
> behind-my-firewall addresses.
My DNS servers have the configuration clauses below. The thing to be
wary of if you do this is nameservers for private zones on private IP
addresses. You can add server ... { bogus no; }; clauses for them.
(I do a similar thing with Exim's ignore_target_hosts option on my mail
servers.)
server 0.0.0.0/8 { bogus yes; };
server 10.0.0.0/8 { bogus yes; };
server 100.64.0.0/10 { bogus yes; };
server 127.0.0.0/8 { bogus yes; };
server 169.254.0.0/16 { bogus yes; };
server 172.16.0.0/12 { bogus yes; };
server 192.0.0.0/24 { bogus yes; };
server 192.0.2.0/24 { bogus yes; };
server 192.88.99.0/24 { bogus yes; };
server 192.168.0.0/16 { bogus yes; };
server 198.18.0.0/15 { bogus yes; };
server 198.51.100.0/24 { bogus yes; };
server 203.0.113.0/24 { bogus yes; };
server 224.0.0.0/3 { bogus yes; };
server 0000::/3 { bogus yes; };
server 2001:0000::/32 { bogus yes; };
server 2001:0002::/48 { bogus yes; };
server 2001:0010::/28 { bogus yes; };
server 2001:0db8::/32 { bogus yes; };
server 2002::/16 { bogus yes; };
server 3000::/4 { bogus yes; };
server 4000::/2 { bogus yes; };
server 8000::/1 { bogus yes; };
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.
More information about the dns-operations
mailing list