You should be complying with BCP 38 [http://tools.ietf.org/html/bcp38] for Inbound Network Filtering which will reduce a lot of unwanted packets getting into your network.
Our inbound (Cisco) ACL looks like the following and I check up on the bogon addresses [http://www.team-cymru.org/Services/Bogons/bogon-dd.html] regularly to see if they need to be updated: ! filter out the crud ! deny own ip deny ip 213.120.108.211 0.0.0.0 any ! deny bogon addresses deny ip 0.0.0.0 0.255.255.255 any deny ip 100.64.0.0 0.63.255.255 any deny ip 127.0.0.0 0.255.255.255 any deny ip 169.254.0.0 0.0.255.255 any deny ip 192.0.0.0 0.0.0.255 any deny ip 192.0.2.0 0.0.0.255 any deny ip 198.18.0.0 0.1.255.255 any deny ip 198.51.100.0 0.0.0.255 any deny ip 203.0.113.0 0.0.0.255 any deny ip 224.0.0.0 31.255.255.255 any ! deny broadcast deny ip host 255.255.255.255 any deny ip host 0.0.0.0 any ! deny non-routables deny ip 10.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip 192.168.0.0 0.0.255.255 any ! Steve _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users