nanog mailing list archives

Re: Time to add 2002::/16 to bogon filters?


From: Tony Finch <dot () dotat at>
Date: Tue, 19 Jun 2018 10:47:39 +0100

Jared Mauch <jared () puck nether net> wrote:

There is also the problem noted by Wes George with 6to4 being used in
DNS amplification, which may be interesting..

http://iepg.org/2018-03-18-ietf101/wes.pdf

I configure my DNS servers with a long-ish list of bogon addresses. For
v6, the list includes Teredo and 6to4 and various other horrors:

# RFC 5156 and IANA IPv6 address space registry
server  0000::/3        { bogus yes; };
server  2001:0000::/32  { bogus yes; };
server  2001:0002::/48  { bogus yes; };
server  2001:0010::/28  { bogus yes; };
server  2001:0db8::/32  { bogus yes; };
server  2002::/16       { bogus yes; };
server  3000::/4        { bogus yes; };
server  4000::/2        { bogus yes; };
server  8000::/1        { bogus yes; };

Tony.
-- 
f.anthony.n.finch  <dot () dotat at>  http://dotat.at/
Southeast Iceland: Cyclonic, mainly westerly, 6 to gale 8, decreasing 5 later.
Rough or very rough, becoming moderate or rough later. Showers. Moderate or
good.
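
Added example, not part of the original message: a Python check of addresses against the bogus prefixes listed above. It also recovers the IPv4 address embedded in 6to4 and Teredo addresses (useful when reviewing resolver logs) and computes what IPv6 space the list leaves unfiltered. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Prefixes copied from the "bogus yes" server statements in the message above.
BOGUS_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0000::/3", "2001:0000::/32", "2001:0002::/48", "2001:0010::/28",
    "2001:0db8::/32", "2002::/16", "3000::/4", "4000::/2", "8000::/1",
)]

def classify(addr):
    """Return (longest matching bogus prefix or None, embedded IPv4 or None)."""
    ip = ipaddress.IPv6Address(addr)
    hits = [n for n in BOGUS_PREFIXES if ip in n]
    prefix = max(hits, key=lambda n: n.prefixlen) if hits else None
    embedded = None
    if ip.sixtofour is not None:      # 2002:V4ADDR::/48 (RFC 3056)
        embedded = ip.sixtofour
    elif ip.teredo is not None:       # (server, client); client is de-obfuscated
        embedded = ip.teredo[1]
    return prefix, embedded

def unfiltered_space():
    """Subtract every bogus prefix from ::/0 and return what is left."""
    remaining = [ipaddress.ip_network("::/0")]
    for bogus in BOGUS_PREFIXES:
        kept = []
        for net in remaining:
            if net.subnet_of(bogus):
                continue                          # wholly filtered
            if bogus.subnet_of(net):
                kept.extend(net.address_exclude(bogus))
            else:
                kept.append(net)                  # no overlap
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges where possible).
    for sample in ("2002:c000:204::53", "2001:0:c000:201::3fff:fdfb",
                   "2001:db8::1", "2a02:1234::53"):
        prefix, v4 = classify(sample)
        print(f"{sample:30} bogus={prefix} embedded_v4={v4}")
    nets = unfiltered_space()
    print(len(nets), "unfiltered networks, all inside 2000::/4:",
          all(n.subnet_of(ipaddress.ip_network("2000::/4")) for n in nets))
```

Everything the list leaves reachable sits inside 2000::/4, minus the carve-outs under 2001::/16 and the whole of 2002::/16.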

