In my previous post I showed that I use a bogons list to filter out bad hosts from my DNS infrastructure. Here’s a script that fetches it:
Update
It seems the fullbogons list by Team Cymru that I use here is gone. It’s a pity. If you’re aware of a similar actively maintained list, please drop me a note. Obviously the wget calls below will fail (unless those text files appear again).
```bash
#!/bin/bash

SRC[1]="http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt"
SRC[2]="http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt"

# Start the ACL definition
echo "acl bogons {" > /tmp/named.conf.bogons

for URL in "${SRC[@]}"; do
    # Download the current list
    if ! wget -q "${URL}" -O /tmp/bogons.list; then
        echo "Something went wrong downloading the bogons list. Exiting..."
        exit 1
    fi

    # Skip the header line and add every prefix except loopback
    while read -r BOGON; do
        if [ "${BOGON}" != "127.0.0.0/8" ]; then
            echo "    ${BOGON};" >> /tmp/named.conf.bogons
        fi
    done < <(tail -n +2 /tmp/bogons.list)
done

# Close the ACL definition and clean up the download
echo "};" >> /tmp/named.conf.bogons
rm /tmp/bogons.list

# Install the new ACL, then check the configuration before reloading BIND
mv /tmp/named.conf.bogons /etc/bind/named.conf.bogons
if ! /usr/sbin/named-checkconf; then
    echo "Something went wrong with the BIND configuration. Exiting..."
    exit 1
fi
/usr/sbin/rndc reconfig
```
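A stricter variant of the ACL-building step, as an added example that is not part of the original post: the lists are fetched over plain HTTP and written straight into the BIND configuration, so this version only accepts lines shaped like an IPv4 or IPv6 prefix and fails if none remain. The function name `build_bogon_acl`, the `demo` helper and the sample lines are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post). Function names and sample data
# are constructed for illustration.

# Print an "acl bogons" block built from LIST_FILE; return 1 if nothing valid.
# The patterns check the shape of a prefix, not the range of every octet.
build_bogon_acl() {
    local list="$1" line body='' count=0
    local v4='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
    local v6='^[0-9A-Fa-f]{0,4}:[0-9A-Fa-f:]{1,38}/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')      # tolerate CRLF downloads
        case $line in
            ''|'#'*|127.0.0.0/8) continue ;;          # blank, header, loopback
        esac
        if printf '%s\n' "$line" | grep -Eq -e "$v4" -e "$v6"; then
            body="${body}    ${line};
"
            count=$((count + 1))
        else
            printf 'rejected line: %s\n' "$line" >&2  # never reaches named.conf
        fi
    done < "$list"
    [ "$count" -gt 0 ] || return 1                    # refuse an empty ACL
    printf 'acl bogons {\n%s};\n' "$body"
}

# Run the function over a constructed sample list.
demo() {
    local tmp rc=0
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample list' '10.0.0.0/8' '127.0.0.0/8' \
        '2001:db8::/32' '10.0.0.0/33' '192.0.2.0/24; }; extra' > "$tmp"
    build_bogon_acl "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo
```

Rejected lines go to stderr, so the function's stdout can be redirected into the ACL file and the return code checked before the file is installed.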
Have fun.