[CDBUG-talk] blackhole time-warner
Dave Del Debbio
ddeldebb at gmail.com
Tue Jul 22 22:38:12 EDT 2008
Dave Del Debbio wrote:
> Does anyone else want to do this? Time Warner has a dhcp server at
> 10.116.176.1 serving my dynamic ip connection. I don't have a route to
> 10/8 in the routing table, yet I keep getting icmp echo requests
> from the dhcp server and one other machine on the 10/8 subnet on my
> gateway.
>
> To prevent direct queries, reverse queries, and kill syslog "no route to
> host" messages I did the following:
>
> route -q add -inet 10.0.0.0/8 localhost -blackhole to /etc/rc
>
> edited named.conf and added following:
>
> acl rr { 10.0.0.0/8; };
>
> options {
> <snip>
> blackhole { rr; };
> <snip>
> };
>
> and have a (advice from ISC website)
>
> zone "10.in-addr.arpa"{
> type master;
> file "master/empty";
> };
>
> which has:
> ; $OpenBSD: empty,v 0.1 2008/07/21 21:20:25 ddeldebb Exp $
>
> $ORIGIN 10.in-addr.arpa.
> $TTL 6h
>
> @       IN SOA  fw.home.deldebbio.org. root.home.deldebbio.org. (
>                 1       ; serial
>                 1h      ; refresh
>                 30m     ; retry
>                 7d      ; expiration
>                 1h )    ; minimum
>
>         NS      blackhole-1.iana.org.
>         NS      blackhole-2.iana.org.
>
>
> Is this overkill? Is there a better way to handle RFC 1918 packets from
> Time Warner?
>
> Dave.
Never mind. I found how I wanted the empty zone from emj.se; I also
moved the added route to rc.local.
I'm good to go...
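
The empty-zone setup from the message above, generalized to all three RFC 1918 ranges so that reverse lookups for any private address are answered locally instead of being forwarded upstream. This is an added example, not part of the original post and not the emj.se zone it mentions; the `ns.example.net.` and `hostmaster.example.net.` names are constructed placeholders, and the shared zone file carries no `$ORIGIN` so one file can back every zone.

```shell
#!/bin/sh
# Added example. ZONEFILE follows the post's "master/empty"; PRIMARY_NS and
# CONTACT are constructed placeholders (assumptions), override via environment.
ZONEFILE="${ZONEFILE:-master/empty}"
PRIMARY_NS="${PRIMARY_NS:-ns.example.net.}"
CONTACT="${CONTACT:-hostmaster.example.net.}"

# One reverse-zone name per line for 10/8, 172.16/12 and 192.168/16.
rfc1918_reverse_zones() {
    echo "10.in-addr.arpa"
    i=16
    while [ "$i" -le 31 ]; do      # 172.16/12 spans second octets 16..31
        echo "$i.172.in-addr.arpa"
        i=$((i + 1))
    done
    echo "168.192.in-addr.arpa"
}

# named.conf stanzas: every zone is master and shares the same empty file.
zone_stanzas() {
    rfc1918_reverse_zones | while read -r z; do
        printf 'zone "%s" {\n\ttype master;\n\tfile "%s";\n};\n' "$z" "$ZONEFILE"
    done
}

# Shared empty zone file: SOA and NS only, so every lookup gets NXDOMAIN.
# "@" resolves to whichever zone name loads the file.
empty_zone() {
    cat <<EOF
\$TTL 6h
@       IN SOA  $PRIMARY_NS $CONTACT (
                1       ; serial
                1h      ; refresh
                30m     ; retry
                7d      ; expiration
                1h )    ; minimum
        NS      $PRIMARY_NS
EOF
}

zone_stanzas    # print the stanzas; run empty_zone to produce the zone file
```

Check the generated stanzas with `named-checkconf` and the zone file with `named-checkzone` before reloading named.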