Update list of subnet for --bogus-priv

RFC6303 specifies & recommends following zones not be forwarded to globally facing servers. +------------------------------+-----------------------+ | Zone | Description | +------------------------------+-----------------------+ | 0.IN-ADDR.ARPA | IPv4 "THIS" NETWORK | | 127.IN-ADDR.ARPA | IPv4 Loopback NETWORK | | 254.169.IN-ADDR.ARPA | IPv4 LINK LOCAL | | 2.0.192.IN-ADDR.ARPA | IPv4 TEST-NET-1 | | 100.51.198.IN-ADDR.ARPA | IPv4 TEST-NET-2 | | 113.0.203.IN-ADDR.ARPA | IPv4 TEST-NET-3 | | 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST | +------------------------------+-----------------------+ Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

Update list of subnet for --bogus-priv
90477fb7 · Simon Kelley · 98079ea8 · 90477fb7
Commit 90477fb7 authored Oct 20, 2015 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

src/rfc1035.c src/rfc1035.c +6 -2

No files found.
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -756,10 +756,14 @@ int private_net(struct in_addr addr, int ban_localhost)
  return
    (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost)  /* 127.0.0.0/8    (loopback) */ ||
    ((ip_addr & 0xFF000000) == 0x00000000)  /* RFC 5735 section 3. "here" network */ ||
-    ((ip_addr & 0xFFFF0000) == 0xC0A80000)  /* 192.168.0.0/16 (private)  */ ||
    ((ip_addr & 0xFF000000) == 0x0A000000)  /* 10.0.0.0/8     (private)  */ ||
    ((ip_addr & 0xFFF00000) == 0xAC100000)  /* 172.16.0.0/12  (private)  */ ||
-    ((ip_addr & 0xFFFF0000) == 0xA9FE0000)  /* 169.254.0.0/16 (zeroconf) */ ;
+    ((ip_addr & 0xFFFF0000) == 0xC0A80000)  /* 192.168.0.0/16 (private)  */ ||
+    ((ip_addr & 0xFFFF0000) == 0xA9FE0000)  /* 169.254.0.0/16 (zeroconf) */ ||
+    ((ip_addr & 0xFFFFFF00) == 0xC0000200)  /* 192.0.2.0/24   (test-net) */ ||
+    ((ip_addr & 0xFFFFFF00) == 0xC6336400)  /* 198.51.100.0/24(test-net) */ ||
+    ((ip_addr & 0xFFFFFF00) == 0xCB007100)  /* 203.0.113.0/24 (test-net) */ ||
+    ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF)  /* 255.255.255.255/32 (broadcast)*/ ;
 }

 static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored)