Mageia Bugzilla – Attachment 1311 Details for
Bug 3379
Security update for bind for CVE-2011-4313
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
bogon_acl.conf
bogon_acl.conf (text/plain), 2.08 KB, created by
Dave Hodgins
on 2011-12-30 21:49:45 CET
(
hide
)
Description:
bogon_acl.conf
Filename:
MIME Type:
Creator:
Dave Hodgins
Created:
2011-12-30 21:49:45 CET
Size:
2.08 KB
patch
obsolete
>// >// NOTE: This list is changing all the time (naturally) and serves as an >// example only. It is up to you to keep this list up-to-date. In Mandriva >// Linux we allow the 192.168.0.0/16 network to do recursive lookups per >// default. If you don't like this you need to change this now. >// >// http://qa.mandriva.com/en/show_bug.cgi?id=27981 >// >// The list was taken from http://www.cymru.com/Documents/secure-bind-template.html >// Secure BIND Template Version 6.3 27 MAY 2008 >// >// You should keep an eye on http://www.iana.org/assignments/ipv4-address-space in >// order to stay up to date. >// >// NOTE: As of Fri Jul 31 2009 this file isn't used anymore and serves as an example >// only. You should instead look at: >// http://www.team-cymru.org/Services/Bogons/ >// >// $Id: bogon_acl.conf 405097 2009-07-31 12:51:25Z oden $ >// $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/bogon_acl.conf $ > >acl "bogon" { > // Filter out the bogon networks. These are networks > // listed by IANA as test, RFC1918, Multicast, experi- > // mental, etc. If you see DNS queries or updates with > // a source address within these networks, this is likely > // of malicious origin. CAUTION: If you are using RFC1918 > // netblocks on your network, remove those netblocks from > // this list of blackhole ACLs! > 0.0.0.0/8; > 1.0.0.0/8; > 2.0.0.0/8; > 5.0.0.0/8; > 10.0.0.0/8; > 14.0.0.0/8; > 23.0.0.0/8; > 27.0.0.0/8; > 31.0.0.0/8; > 36.0.0.0/8; > 37.0.0.0/8; > 39.0.0.0/8; > 42.0.0.0/8; > 46.0.0.0/8; > 49.0.0.0/8; > 50.0.0.0/8; > 100.0.0.0/8; > 101.0.0.0/8; > 102.0.0.0/8; > 103.0.0.0/8; > 104.0.0.0/8; > 105.0.0.0/8; > 106.0.0.0/8; > 107.0.0.0/8; > 108.0.0.0/8; > 109.0.0.0/8; > 110.0.0.0/8; > 111.0.0.0/8; > 169.254.0.0/16; > 172.16.0.0/12; > 175.0.0.0/8; > 176.0.0.0/8; > 177.0.0.0/8; > 178.0.0.0/8; > 179.0.0.0/8; > 180.0.0.0/8; > 181.0.0.0/8; > 182.0.0.0/8; > 183.0.0.0/8; > 184.0.0.0/8; > 185.0.0.0/8; > 192.0.2.0/24; >// 192.168.0.0/16; > 197.0.0.0/8; > 198.18.0.0/15; > 223.0.0.0/8; > 224.0.0.0/3; >};
// // NOTE: This list is changing all the time (naturally) and serves as an // example only. It is up to you to keep this list up-to-date. In Mandriva // Linux we allow the 192.168.0.0/16 network to do recursive lookups per // default. If you don't like this you need to change this now. // // http://qa.mandriva.com/en/show_bug.cgi?id=27981 // // The list was taken from http://www.cymru.com/Documents/secure-bind-template.html // Secure BIND Template Version 6.3 27 MAY 2008 // // You should keep an eye on http://www.iana.org/assignments/ipv4-address-space in // order to stay up to date. // // NOTE: As of Fri Jul 31 2009 this file isn't used anymore and serves as an example // only. You should instead look at: // http://www.team-cymru.org/Services/Bogons/ // // $Id: bogon_acl.conf 405097 2009-07-31 12:51:25Z oden $ // $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/bogon_acl.conf $ acl "bogon" { // Filter out the bogon networks. These are networks // listed by IANA as test, RFC1918, Multicast, experi- // mental, etc. If you see DNS queries or updates with // a source address within these networks, this is likely // of malicious origin. CAUTION: If you are using RFC1918 // netblocks on your network, remove those netblocks from // this list of blackhole ACLs! 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 5.0.0.0/8; 10.0.0.0/8; 14.0.0.0/8; 23.0.0.0/8; 27.0.0.0/8; 31.0.0.0/8; 36.0.0.0/8; 37.0.0.0/8; 39.0.0.0/8; 42.0.0.0/8; 46.0.0.0/8; 49.0.0.0/8; 50.0.0.0/8; 100.0.0.0/8; 101.0.0.0/8; 102.0.0.0/8; 103.0.0.0/8; 104.0.0.0/8; 105.0.0.0/8; 106.0.0.0/8; 107.0.0.0/8; 108.0.0.0/8; 109.0.0.0/8; 110.0.0.0/8; 111.0.0.0/8; 169.254.0.0/16; 172.16.0.0/12; 175.0.0.0/8; 176.0.0.0/8; 177.0.0.0/8; 178.0.0.0/8; 179.0.0.0/8; 180.0.0.0/8; 181.0.0.0/8; 182.0.0.0/8; 183.0.0.0/8; 184.0.0.0/8; 185.0.0.0/8; 192.0.2.0/24; // 192.168.0.0/16; 197.0.0.0/8; 198.18.0.0/15; 223.0.0.0/8; 224.0.0.0/3; };
View Attachment As Raw
Actions:
View
Attachments on
bug 3379
:
1308
|
1309
|
1310
| 1311 |
1312