Bogons via DNS
We provide bogon tracking through DNS via several reversed-IP zones. These zones are queried by reversing the octets of an IPv4 address (or nibbles of an IPv6 address) and appending a zone name, much like reverse DNS (in-addr.arpa and ip6.arpa) and DNSBL queries.
If the IP address represented by a given query is a bogon, the response will be an A RR of 127.0.0.2. You may also query for a TXT RR, which will indicate the bogon prefix within which the given address resides (no TXT record will be present for non-bogon queries).
The available Bogon DNS zones are:
The traditional IPv4 bogon prefixes; Martian (reserved) prefixes plus those /8 networks not allocated to an RIR by IANA.
IPv4 “fullbogons”, encompassing the traditional IPv4 bogon prefixes from bogons.cymru.com as well as prefixes that have been allocated to RIRs but not yet assigned by those RIRs to ISPs, end-users, etc.
IPv6 “fullbogons”, all IPv6 prefixes that have not been allocated to RIRs and that have not been assigned by RIRs to ISPs, end-users, etc.
We can verify that 192.168.1.1 is part of a bogon prefix:
dig +short 220.127.116.11.bogons.cymru.com
We can verify that 10.0.0.0/8 is a bogon prefix:
dig +short 0.0.0.10.bogons.cymru.com
We can check the IPv4 fullbogons zone for 198.51.100.24 , and check what prefix it is part of:
dig +short 18.104.22.168.v4.fullbogons.cymru.com
dig +short 22.214.171.124.v4.fullbogons.cymru.com TXT
We can check the IPv6 fullbogons zone for 2001:DB8:FEEB:DEEF::242 , and see what prefix it is part of, but it won’t be pretty because we have to expand out all of the zeroes to do it:
dig +short 126.96.36.199.0.0.0.0.0.0.0.0.0.0.0.0.f.e.e.d.b.e.e.f.8.b.d.0.1.0.0.2.v6.fullbogons.cymru.com TXT "2001:db8::/29"
dig +short 188.8.131.52.0.0.0.0.0.0.0.0.0.0.0.0.f.e.e.d.b.e.e.f.8.b.d.0.1.0.0.2.v6.fullbogons.cymru.com 127.0.0.2
(Note that the prefix returned for the TXT query above will likely change in the future; the IPv6 documentation prefix is actually 2001:db8::/32, it is aggregated as a /29 in the IPv6 fullbogons feed because the immediately adjacent prefixes have not yet been assigned to any end-users.)