Jared Mauch <ja...@puck.nether.net> wrote:
>
> There is also the problem noted by Wes George with 6to4 being used in
> DNS amplification, which may be interesting..
>
> http://iepg.org/2018-03-18-ietf101/wes.pdf
I configure my DNS servers with a long-ish list of bogon addresses. For
v6, the list includes Teredo and 6to4 and various other horrors:
# RFC 5156 and IANA IPv6 address space registry
server 0000::/3 { bogus yes; };
server 2001:0000::/32 { bogus yes; };
server 2001:0002::/48 { bogus yes; };
server 2001:0010::/28 { bogus yes; };
server 2001:0db8::/32 { bogus yes; };
server 2002::/16 { bogus yes; };
server 3000::/4 { bogus yes; };
server 4000::/2 { bogus yes; };
server 8000::/1 { bogus yes; };
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Southeast Iceland: Cyclonic, mainly westerly, 6 to gale 8, decreasing 5 later.
Rough or very rough, becoming moderate or rough later. Showers. Moderate or
good.
