On 10/24/18, Grant Taylor via bind-users <bind-users@lists.isc.org> wrote: > On 08/09/2018 01:01 AM, Lee wrote: >> it does, so you have to flag your local zones as rpz-passthru. > > Thank you again Lee. You gave me exactly what I needed and wanted to know.
you're welcome :) > I finally got around to configuring my RPZ to filter IPv4 > Special-Purpose Address Registry as per IANA's definition. > (https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml#iana-ipv4-special-registry-1) > > I am also happily using rpz-passthru for my local domain(s) that resolve > to filtered IPs. > > Now I'm pontificating augmenting my RPZ to also filter replies that > resolve to IPv4 BOGONs. (Received via BGP feed with Team Cymru.) I feel like I'm missing something :( I read this https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325 and used RPZ to block anything coming from outside that might be an internal address. I'm missing what filtering out things like benchmarking & documentation network addrs gets you beyond maybe saving some bandwidth? Same deal with using RPZ to block IPv4 BOGONs. What does RPZ blocking get you that you don't get by blocking them on your edge routers? Thanks, Lee _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
