// // NOTE: This list is changing all the time (naturally) and serves as an // example only. It is up to you to keep this list up-to-date. In Mandriva // Linux we allow the 192.168.0.0/16 network to do recursive lookups per // default. If you don't like this you need to change this now. // // http://qa.mandriva.com/en/show_bug.cgi?id=27981 // // The list was taken from http://www.cymru.com/Documents/secure-bind-template.html // Secure BIND Template Version 6.3 27 MAY 2008 // // You should keep an eye on http://www.iana.org/assignments/ipv4-address-space in // order to stay up to date. // // $Id: bogon_acl.conf 213585 2008-05-30 23:41:42Z thomas $ // $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/bogon_acl.conf $ acl "bogon" { // Filter out the bogon networks. These are networks // listed by IANA as test, RFC1918, Multicast, experi- // mental, etc. If you see DNS queries or updates with // a source address within these networks, this is likely // of malicious origin. CAUTION: If you are using RFC1918 // netblocks on your network, remove those netblocks from // this list of blackhole ACLs! 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 5.0.0.0/8; 10.0.0.0/8; 14.0.0.0/8; 23.0.0.0/8; 27.0.0.0/8; 31.0.0.0/8; 36.0.0.0/8; 37.0.0.0/8; 39.0.0.0/8; 42.0.0.0/8; 46.0.0.0/8; 49.0.0.0/8; 50.0.0.0/8; 100.0.0.0/8; 101.0.0.0/8; 102.0.0.0/8; 103.0.0.0/8; 104.0.0.0/8; 105.0.0.0/8; 106.0.0.0/8; 107.0.0.0/8; 108.0.0.0/8; 109.0.0.0/8; 110.0.0.0/8; 111.0.0.0/8; 169.254.0.0/16; 172.16.0.0/12; 175.0.0.0/8; 176.0.0.0/8; 177.0.0.0/8; 178.0.0.0/8; 179.0.0.0/8; 180.0.0.0/8; 181.0.0.0/8; 182.0.0.0/8; 183.0.0.0/8; 184.0.0.0/8; 185.0.0.0/8; 192.0.2.0/24; // 192.168.0.0/16; 197.0.0.0/8; 198.18.0.0/15; 223.0.0.0/8; 224.0.0.0/3; };