On 11 Oct 2004 12:11:08 -0700, flashl@bigfoot.com (Benu) wrote:

> All files passed named-checkconf, and named-checkzone, there are no
> complaints in /var/log/messages or audit_log. My configuration files
> are:
>
> --/etc/named.conf
> // generated by named-bootconf.pl
> acl my-nets {
> 192.168.2.0/24;
> 127.0.0.1/24;
> localhost;
> };
> acl xfer {
> none;
> };
> acl external-ns {
> 68.105.161.20; //Cable NS1
> 68.1.18.25; //Cable NS2
> };
> acl bogus-net3 {
> 208.0.0.0/4;
> 200.0.0.0/5;
> 196.0.0.0/6;
> 194.0.0.0/7;
> 193.0.0.0/8;
> };
> acl bogus-net2 {
> 0.0.0.0/3;
> 16.0.0.0/3;
> 64.0.0.0/3;
> 96.0.0.0/3;
> 128.0.0.0/3;
> 160.0.0.0/3;
> };


Where did you get the interesting list of address blocks in bogus-net2
and bogus-net3? I'm currently sitting within 128.86/16 (and therefore
within 128/3), and it most certainly isn't bogus.

Also, 64.0.0.0/3 will include 68.105.161.20 and 68.1.18.25, your
"external-ns" machines which are also your forwarders, so you
appear to be blackholing them!

> acl bogus-net1 {
> 0.0.0.0/8;
> 1.0.0.0/8;
> 2.0.0.0/8;
> 192.0.2.0/24;
> 224.0.0.0/3;
> 10.0.0.0/8;
> 172.16.0.0/16;
> };
>
> logging {
> [snip]
> };
>
> options {
> blackhole {
> bogus-net1;
> bogus-net2;
> bogus-net3;
> };
> directory "/var/named/";
> cleaning-interval 30;
> allow-query { "my-nets"; "external-ns"; };
> allow-recursion { "my-nets"; };
> forward first;
> forwarders {
> 68.105.161.20; //Cable NS1
> 68.1.18.25; //Cable NS2
> };


--
Ronan Flood
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)
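The overlap Ronan points out (a blackholed prefix that swallows the forwarders) is easy to check mechanically before reloading named. The script below is an added example for this thread, not BIND's own tooling and not part of either post. It parses a constructed copy of the quoted named.conf (same acls, blackhole and forwarders; logging and the rest of options trimmed), expands the blackhole list through the nested acl names with Python's standard `ipaddress` module, and reports every forwarder, or any address you care about such as one in 128.86/16, that falls inside a blackholed prefix. It models address prefixes and acl references only; BIND built-ins (`none`, `any`, `localhost`, `localnets`) and negated `!` entries are skipped rather than evaluated, and `strict=False` normalises sloppy prefixes like 127.0.0.1/24 the way BIND accepts them.

```python
"""Check a named.conf blackhole list against the server's own forwarders.

Added example for this thread; it assumes the constructed configuration
below and only models address prefixes and nested acl names.
"""
import ipaddress
import re

# Constructed sample modelled on the configuration quoted in the thread.
SAMPLE_CONF = """
acl my-nets { 192.168.2.0/24; 127.0.0.1/24; localhost; };
acl xfer { none; };
acl external-ns { 68.105.161.20; //Cable NS1
                  68.1.18.25; //Cable NS2
};
acl bogus-net3 { 208.0.0.0/4; 200.0.0.0/5; 196.0.0.0/6; 194.0.0.0/7; 193.0.0.0/8; };
acl bogus-net2 { 0.0.0.0/3; 16.0.0.0/3; 64.0.0.0/3; 96.0.0.0/3; 128.0.0.0/3; 160.0.0.0/3; };
acl bogus-net1 { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
                 10.0.0.0/8; 172.16.0.0/16; };
options {
    blackhole { bogus-net1; bogus-net2; bogus-net3; };
    directory "/var/named/";
    allow-query { "my-nets"; "external-ns"; };
    allow-recursion { "my-nets"; };
    forward first;
    forwarders { 68.105.161.20; //Cable NS1
                 68.1.18.25; //Cable NS2
    };
};
"""

# BIND built-in address match lists that cannot be expanded without knowing
# the server's interfaces; they are skipped, not evaluated.
_BUILTINS = {"none", "any", "localhost", "localnets"}


def _entries(body):
    """Split a '{ ... }' body into bare entries, dropping // comments and quotes."""
    body = re.sub(r"//[^\n]*", "", body)
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]


def parse_acls(conf):
    """Return {acl name: [entries]} for every top-level 'acl NAME { ... };'."""
    acls = {}
    for m in re.finditer(r'\bacl\s+"?([\w-]+)"?\s*\{(.*?)\};', conf, re.S):
        acls[m.group(1)] = _entries(m.group(2))
    return acls


def parse_list(conf, keyword):
    """Return the entries of the first 'KEYWORD { ... };' block (e.g. blackhole)."""
    m = re.search(r"\b%s\s*\{(.*?)\};" % re.escape(keyword), conf, re.S)
    return _entries(m.group(1)) if m else []


def expand(entries, acls, source="(inline)", _seen=()):
    """Flatten entries into (acl name, ip_network) pairs, following acl references."""
    nets = []
    for entry in entries:
        if entry.startswith("!") or entry in _BUILTINS:
            continue  # negation and built-ins are not modelled here
        if entry in acls:
            if entry in _seen:
                continue  # guard against an acl that references itself
            nets.extend(expand(acls[entry], acls, entry, _seen + (entry,)))
            continue
        try:
            nets.append((source, ipaddress.ip_network(entry, strict=False)))
        except ValueError:
            pass  # not an address prefix (e.g. a key name); ignore it
    return nets


def blackholed_by(conf, address):
    """List the (acl, prefix) pairs in the blackhole list that contain address."""
    addr = ipaddress.ip_address(address)
    nets = expand(parse_list(conf, "blackhole"), parse_acls(conf))
    return [(acl, str(net)) for acl, net in nets if addr in net]


def blackholed_forwarders(conf):
    """Return (forwarder, acl, prefix) for every forwarder the server would blackhole."""
    hits = []
    for fwd in parse_list(conf, "forwarders"):
        try:
            ipaddress.ip_address(fwd)
        except ValueError:
            continue  # e.g. a 'port 53' token; only plain addresses are checked
        hits.extend((fwd, acl, net) for acl, net in blackholed_by(conf, fwd))
    return hits


if __name__ == "__main__":
    for fwd, acl, net in blackholed_forwarders(SAMPLE_CONF):
        print("forwarder %s is blackholed by %s (%s)" % (fwd, acl, net))
    print("128.86.1.1 blackholed by:", blackholed_by(SAMPLE_CONF, "128.86.1.1"))
```

Run against the sample it reports both Cable nameservers caught by 64.0.0.0/3 in bogus-net2, and 128.86.1.1 caught by 128.0.0.0/3, which is exactly the problem raised in the reply; a 192.168.2.x client, by contrast, matches nothing. Because the blackhole list is evaluated before any allow-query or forwarders setting, a hit here means named silently drops those packets, so this is worth running whenever the bogon acls are edited.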