Eliminating Network Threats via Routing Registries

Bogons via DNS

Free. Forever.


Filter anomalous IPs that harm your business

Improve performance & scalability whilst reducing bogon-related costs and resource drain

Bogon filtering should be undertaken only if the impacts are well understood. These are not simple filters, and can have adverse impacts if improperly applied. In particular, please consult RFC 6598 regarding 100.64.0.0/10. It’s important that you know your network, and that any planned filters are rigorously tested before adoption. These filters may be more applicable to some devices, such as gear that functions as a border router, than other devices.

We provide bogon tracking through DNS via several reversed-IP zones. These zones are queried by reversing the octets of an IPv4 address (or nibbles of an IPv6 address) and appending a zone name, much like reverse DNS (in-addr.arpa and ip6.arpa) and DNSBL queries.

If the IP address represented by a given query is a bogon, the response will be an A RR of 127.0.0.2. You may also query for a TXT RR, which will indicate the bogon prefix within which the given address resides (no TXT record will be present for non-bogon queries).

The available Bogon DNS zones are:

bogons.cymru.com

The traditional IPv4 bogon prefixes: Martian (reserved) prefixes plus those /8 networks not allocated to an RIR by IANA.

v4.fullbogons.cymru.com

IPv4 “fullbogons”, encompassing the traditional IPv4 bogon prefixes from bogons.cymru.com as well as prefixes that have been allocated to RIRs but not yet assigned by those RIRs to ISPs, end-users, etc.

v6.fullbogons.cymru.com

IPv6 “fullbogons”, all IPv6 prefixes that have not been allocated to RIRs and that have not been assigned by RIRs to ISPs, end-users, etc.

Examples

We can verify that 192.168.1.1 is part of a bogon prefix:

dig +short 1.1.168.192.bogons.cymru.com

127.0.0.2

We can verify that 10.0.0.0/8 is a bogon prefix:

dig +short 0.0.0.10.bogons.cymru.com

127.0.0.2

We can check the IPv4 fullbogons zone for 198.51.100.24, and check what prefix it is part of:

dig +short 24.100.51.198.v4.fullbogons.cymru.com

127.0.0.2

dig +short 24.100.51.198.v4.fullbogons.cymru.com TXT

"198.51.100.0/24"

We can check the IPv6 fullbogons zone for 2001:DB8:FEEB:DEEF::242, and see what prefix it is part of, but it won’t be pretty because we have to expand out all of the zeroes to do it:

dig +short 2.4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.f.e.e.d.b.e.e.f.8.b.d.0.1.0.0.2.v6.fullbogons.cymru.com TXT

"2001:db8::/29"

dig +short 2.4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.f.e.e.d.b.e.e.f.8.b.d.0.1.0.0.2.v6.fullbogons.cymru.com

127.0.0.2

(Note that the prefix returned for the TXT query above will likely change in the future. The IPv6 documentation prefix is actually 2001:db8::/32; it is aggregated as a /29 in the IPv6 fullbogons feed because the immediately adjacent prefixes have not yet been assigned to any end-users.)
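
The query-name construction and A-record check described above, written out in Python as an added example (it is not Team Cymru's code). The function names `bogon_qname` and `is_bogon` and the `resolve` parameter are hypothetical; the zone names and the 127.0.0.2 answer come from this page.

```python
import ipaddress
import socket

# Zone names and the 127.0.0.2 answer are taken from the page above.
ZONES = {
    4: ("bogons.cymru.com", "v4.fullbogons.cymru.com"),
    6: ("v6.fullbogons.cymru.com",),
}
BOGON_ANSWER = "127.0.0.2"


def bogon_qname(address, zone):
    """Build the reversed-octet (IPv4) or reversed-nibble (IPv6) query name."""
    ip = ipaddress.ip_address(address)
    if zone not in ZONES[ip.version]:
        raise ValueError(f"{zone} does not cover IPv{ip.version} addresses")
    if ip.version == 4:
        labels = str(ip).split(".")                  # four octets
    else:
        labels = list(ip.exploded.replace(":", ""))  # 32 nibbles, zeroes expanded
    return ".".join(reversed(labels)) + "." + zone


def is_bogon(address, zone, resolve=socket.gethostbyname):
    """Return True if the zone lists the address, False if the name does not exist.

    `resolve` is a hypothetical injection point (name -> IPv4 string) so the
    logic can be exercised offline. Any failure other than "no such name" is
    re-raised: a timeout or SERVFAIL says nothing about bogon status.
    """
    qname = bogon_qname(address, zone)
    try:
        answer = resolve(qname)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return False
        raise
    return answer == BOGON_ANSWER


if __name__ == "__main__":
    # Constructed sample input: addresses used in the examples above.
    for addr, zone in [("192.168.1.1", "bogons.cymru.com"),
                       ("2001:DB8:FEEB:DEEF::242", "v6.fullbogons.cymru.com")]:
        print(addr, "->", bogon_qname(addr, zone))
```

Run as a script it only prints the query names and sends no DNS traffic; calling `is_bogon` with the default resolver performs the live A-record lookup.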
