[afnog] How to build a DNS Server
SM
sm at resistor.net
Fri Feb 13 05:40:07 UTC 2009
At 16:38 12-02-2009, Randy Bush wrote:
>perhaps having a hard coded bogon list is not doing the community
>any favors in this day and age. the community has learned with
>great pain that they are not maintained and cause serious problems
>debugging.

The bogon list is only correct at some point in time. There were
allocations during each of the last six months. Most people
installing DNS servers will use this configuration as a fire-and-forget
template. It is the same problem as router ACLs.

It is better to move the bogon list for networks that should never be
seen on the Internet out of the secure BIND template. You could put
it on a separate web page with the usual warnings. That is, if you
think that the advantages of having such a filter outweigh the
problems they may cause.

Regards,
-sm