Mon, 30 Jun 2008

Finding bogons. And then fixing them.

No, I'm not talking about Melburnians (besides, I believe that it is actually bogan). I mean bogon, which is a quantum of bogosity, as applied to IP packets.

I run a number of nameservers; some of them are slaves for some high-profile sites (e.g. gnome.org, linux.conf.au, openmoko.org, etc.), and for some zones the nameservers are (dynamic) primaries.

I had someone send me an email, but my various systems refused to receive it -- this I tracked down to BIND not returning any data when an MX request was received. This was particularly perplexing as my laptop, also running BIND, and some of my other test systems all had no trouble.

After much faffing about, including running BIND in debug mode on a production machine, I found this gem in the debug log:

... ignoring blackholed / bogus server ...

Ah ha! Lights clicked and it all fell into place. The network was on the DNS bogon list.

In case you do not want to run the full bogon list, or keep it up to date, here are the IPv4 networks you should filter out (from RFC3330).

acl "rfc3330" {
        // Filter out any IPv4 networks specified in RFC3330
        // These networks (IP addresses) should rarely be seen
        // in the wild on normal networks.
        0.0.0.0/8;
        10.0.0.0/8;
        169.254.0.0/16;
        172.16.0.0/12;
        192.0.2.0/24;
        192.168.0.0/16;
        198.18.0.0/15;
        224.0.0.0/3;
};

I've just updated from bogon list 5.9 to 6.3 across all my DNS machines. If you can't remember whether you have or haven't, it might be worth checking too.
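One way to do that check ahead of time, as an added example (not code from the original post): parse the ACL text and report which server addresses it covers, assuming the ACL is what BIND consults when it logs "ignoring blackholed / bogus server". The function names `parse_acls` and `blackholed` are hypothetical and the server addresses are constructed samples.

```python
import ipaddress
import re

# The ACL from the post, embedded so the example runs offline.
RFC3330_ACL = """
acl "rfc3330" {
        // Filter out any IPv4 networks specified in RFC3330
        0.0.0.0/8;
        10.0.0.0/8;
        169.254.0.0/16;
        172.16.0.0/12;
        192.0.2.0/24;
        192.168.0.0/16;
        198.18.0.0/15;
        224.0.0.0/3;
};
"""

def parse_acls(conf):
    """Return {acl_name: [ip_network, ...]}.

    Assumption: ACLs contain only plain address/prefix entries
    (no negation, keys, nested braces or references to other ACLs).
    """
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)               # // and # comments
    acls = {}
    for name, body in re.findall(r'acl\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', conf, flags=re.S):
        entries = [e.strip() for e in body.split(";") if e.strip()]
        acls[name] = [ipaddress.ip_network(e) for e in entries]
    return acls

def blackholed(addresses, acls):
    """Map each address to the (acl_name, network) entries covering it."""
    hits = {}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        matches = [(name, str(net)) for name, nets in acls.items()
                   for net in nets if ip in net]
        if matches:
            hits[addr] = matches
    return hits

if __name__ == "__main__":
    # Constructed sample: addresses of servers a resolver needs to reach.
    servers = ["192.0.2.53", "198.19.1.1", "203.0.113.10", "172.32.0.1"]
    for addr, matches in blackholed(servers, parse_acls(RFC3330_ACL)).items():
        print(addr, "would be ignored, matched by", matches)
```

Feeding it the bogon list you actually have deployed, together with the addresses of the nameservers you expect to reach, shows which list entry is responsible before mail starts going missing.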

Oh, and if you require some assistance with DNS stuff, drop me a line.

Update: July 6th. Fixed URL for RFC3330.


About

ॐ (aum) - what was, what is and what will be, wildfire's musing

Anand Kumria
wildfire@progsoc.org
