acl "bogon" { // Filter out the bogon networks. These are networks // listed by IANA as test, RFC1918, Multicast, experi- // mental, etc. If you see DNS queries or updates with // a source address within these networks, this is likely // of malicious origin. CAUTION: If you are using RFC1918 // netblocks on your network, remove those netblocks from // this list of blackhole ACLs! 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 5.0.0.0/8; 7.0.0.0/8; 10.0.0.0/8; 23.0.0.0/8; 27.0.0.0/8; 31.0.0.0/8; 36.0.0.0/8; 37.0.0.0/8; 39.0.0.0/8; 41.0.0.0/8; 42.0.0.0/8; 49.0.0.0/8; 50.0.0.0/8; 58.0.0.0/8; 59.0.0.0/8; 60.0.0.0/8; 70.0.0.0/8; 71.0.0.0/8; 72.0.0.0/8; 73.0.0.0/8; 74.0.0.0/8; 75.0.0.0/8; 76.0.0.0/8; 77.0.0.0/8; 78.0.0.0/8; 79.0.0.0/8; 83.0.0.0/8; 84.0.0.0/8; 85.0.0.0/8; 86.0.0.0/8; 87.0.0.0/8; 88.0.0.0/8; 89.0.0.0/8; 90.0.0.0/8; 91.0.0.0/8; 92.0.0.0/8; 93.0.0.0/8; 94.0.0.0/8; 95.0.0.0/8; 96.0.0.0/8; 97.0.0.0/8; 98.0.0.0/8; 99.0.0.0/8; 100.0.0.0/8; 101.0.0.0/8; 102.0.0.0/8; 103.0.0.0/8; 104.0.0.0/8; 105.0.0.0/8; 106.0.0.0/8; 107.0.0.0/8; 108.0.0.0/8; 109.0.0.0/8; 110.0.0.0/8; 111.0.0.0/8; 112.0.0.0/8; 113.0.0.0/8; 114.0.0.0/8; 115.0.0.0/8; 116.0.0.0/8; 117.0.0.0/8; 118.0.0.0/8; 119.0.0.0/8; 120.0.0.0/8; 121.0.0.0/8; 122.0.0.0/8; 123.0.0.0/8; 124.0.0.0/8; 125.0.0.0/8; 126.0.0.0/8; 127.0.0.0/8; 169.254.0.0/16; 172.16.0.0/12; 192.0.2.0/24; // 192.168.0.0/16; 197.0.0.0/8; 201.0.0.0/8; 224.0.0.0/3; };