DNS Infrastructure: Bogons

In my previous post I showed that I used a bogons list to filter out bad hosts from my DNS infrastructure. Here's a script to fetch it:

Update

It seems the fullbogons list by Team Cymru that I use here is gone. It's a pity. If you're aware of a similar actively maintained list, please drop me a note. Obviously the wget calls below will fail (unless those text files appear again).

#!/bin/bash
# Build a BIND "bogons" ACL from the Team Cymru fullbogons lists and reload named.

SRC[1]="http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt"
SRC[2]="http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt"

# Unpredictable temp files instead of fixed names in world-writable /tmp
LIST=$(mktemp) || exit 1
ACL=$(mktemp) || exit 1
trap 'rm -f "${LIST}" "${ACL}"' EXIT

echo "acl bogons {" > "${ACL}"

for URL in "${SRC[@]}"; do
  if ! wget -q "${URL}" -O "${LIST}"; then
    echo "Something went wrong downloading the bogons list. Exiting..."
    exit 1
  fi
  # Skip the header line and empty lines; keep loopback out of the ACL
  while read -r BOGON; do
    if [ -n "${BOGON}" ] && [ "${BOGON}" != "127.0.0.0/8" ]; then
      echo "  ${BOGON};" >> "${ACL}"
    fi
  done < <(tail -n +2 "${LIST}")
done

echo "};" >> "${ACL}"

# mktemp creates the file with mode 0600; named must be able to read it
chmod 644 "${ACL}"
mv "${ACL}" /etc/bind/named.conf.bogons

if ! /usr/sbin/named-checkconf; then
  echo "Something went wrong with the BIND configuration. Exiting..."
  exit 1
fi
/usr/sbin/rndc reconfig

Have fun.
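The script above copies every downloaded line into the BIND configuration as-is, and the list is fetched over plain HTTP from a location that has since changed. The following added example (not part of the original post) keeps only lines that parse as CIDR prefixes and refuses the whole list otherwise; the function name `bogons_to_acl` and the sample inputs are made up for illustration.

```shell
#!/bin/sh
# bogons_to_acl: read a bogons list on stdin, print a BIND ACL on stdout.
# Only lines that parse as CIDR prefixes are emitted; returns non-zero if any
# other line is seen or nothing is kept, so the caller can refuse to install.
bogons_to_acl() {
  awk '
    function valid(s,   p, o, n, i) {
      if (s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) {   # IPv4 a.b.c.d/len
        split(s, p, "/"); n = split(p[1], o, ".")
        if (p[2] + 0 > 32) return 0
        for (i = 1; i <= n; i++) if (o[i] + 0 > 255) return 0
        return 1
      }
      # IPv6: character allowlist plus length check, not a full address parse
      if (s ~ /^[0-9A-Fa-f:]+\/[0-9]+$/ && s ~ /:/) {
        split(s, p, "/"); return (p[2] + 0 <= 128)
      }
      return 0
    }
    BEGIN { print "acl bogons {" }
    { sub(/\r$/, "") }                    # tolerate CRLF downloads
    /^#/ || /^$/ { next }                 # header comment and blank lines
    $0 == "127.0.0.0/8" { next }          # same exclusion as the script above
    valid($0) { print "  " $0 ";"; kept++; next }
    { rejected++; print "rejected line " NR > "/dev/stderr" }
    END { print "};"; exit !(kept > 0 && rejected == 0) }'
}

# Constructed sample inputs (not real list contents)
GOOD='# header line
0.0.0.0/8
127.0.0.0/8
192.0.2.0/24
2001:db8::/32'
BAD='<html><body>Moved</body></html>
192.0.2.0/24; any'

printf '%s\n' "$GOOD" | bogons_to_acl
printf '%s\n' "$BAD" | bogons_to_acl >/dev/null 2>&1 || echo "bad list refused"
```

To use it with the script, download both lists first, pipe them together into `bogons_to_acl`, and only move the result into /etc/bind when the function returns 0.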
