[dns-operations] DEV TLD?

bert hubert bert.hubert at netherlabs.nl
Fri Sep 11 09:45:42 UTC 2015


On Thu, Sep 10, 2015 at 10:41:22PM -0700, Paul Vixie wrote:
> i know i don't like being fooled into sending queries to
> behind-my-firewall addresses.

PowerDNS has the following dont-query list enabled by default:

#define LOCAL_NETS "127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10"
// Bad Nets taken from both:
// http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
// and
// http://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
// where such a network may not be considered a valid destination
#define BAD_NETS   "0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32"
#define DONT_QUERY LOCAL_NETS ", " BAD_NETS

Perhaps useful.

	Bert
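An added example, not part of the original message and not PowerDNS's own code: a minimal C++ sketch of how a resolver could test a candidate nameserver address against the DONT_QUERY string quoted above, including the IPv4-mapped IPv6 form that `::ffff:0:0/96` catches. The names `Net`, `parseAddr`, `parseNets` and `dontQuery` are hypothetical, and refusing unparseable input is an assumption of this sketch.

```cpp
#include <arpa/inet.h>
#include <array>
#include <cstring>
#include <sstream>
#include <string>
#include <vector>

// The defines exactly as quoted in the message above.
#define LOCAL_NETS "127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10"
#define BAD_NETS   "0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32"
#define DONT_QUERY LOCAL_NETS ", " BAD_NETS

struct Net { int family; std::array<unsigned char, 16> addr; int bits; };

// Text -> network-order bytes; a ':' in the text selects IPv6.
static bool parseAddr(const std::string& s, Net& n) {
  n.addr.fill(0);
  n.family = s.find(':') == std::string::npos ? AF_INET : AF_INET6;
  return inet_pton(n.family, s.c_str(), n.addr.data()) == 1;
}

// Split the comma-separated "addr/bits" list into parsed networks.
static std::vector<Net> parseNets(const std::string& list) {
  std::vector<Net> nets;
  std::istringstream in(list);
  for (std::string item; std::getline(in, item, ',');) {
    item.erase(0, item.find_first_not_of(' '));
    const auto slash = item.find('/');
    Net n{};
    if (slash == std::string::npos || !parseAddr(item.substr(0, slash), n)) continue;
    n.bits = std::stoi(item.substr(slash + 1));
    nets.push_back(n);
  }
  return nets;
}

// True if a resolver using this list should not send a query to ip.
bool dontQuery(const std::string& ip) {
  static const std::vector<Net> nets = parseNets(DONT_QUERY);
  Net a{};
  if (!parseAddr(ip, a)) return true;  // assumption: fail closed on bad input
  for (const Net& n : nets) {
    if (n.family != a.family) continue;
    const int full = n.bits / 8, rem = n.bits % 8;  // whole bytes, leftover bits
    if (std::memcmp(a.addr.data(), n.addr.data(), full) != 0) continue;
    if (rem == 0 || ((a.addr[full] ^ n.addr[full]) >> (8 - rem)) == 0) return true;
  }
  return false;
}
```

Calling `dontQuery()` on each address learned from a delegation before sending to it gives the behaviour the list is meant to provide: glue pointing at loopback, private, link-local or documentation space is skipped.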


