Updates - Ingress Prefix Filter Templates
[Apologies for duplicates. I'm posting this to all the ISP Operations Lists.]

Hello Everyone,

I've pushed out new versions of the ingress prefix templates. Had a really good peer review of the list by Steve Gill. He is working on the Junos-flavored template. This review resulted in some nice tweaks and additions to the list.

You can download the templates from:

ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Templates/

Here are the changes with version 1.11:

+ Changes J-Root: J.ROOT-SERVERS.NET. 192.58.128.0/24
+ Added 82.0.0.0/8 for the new RIPE-NCC allocation.
+ Added a deny for 240.0.0.0/4 le 32 and changed 224.0.0.0/3 le 32 to 224.0.0.0/4 le 32.
+ Matching and adding more DNS G-TLD servers from: http://www.qorbit.net/documents/golden-networks

We need help refining the more specifics for the G-TLDs (see below). I see /16s, /18s, and other big prefixes in the list. These big prefixes worry me. It could mean that root server administrators are not thinking through the impact of a more specific prefix hijack and stacking several critical servers on one segment. So, if people have the time and the knowledge of the more specifics, please let me know.

Thanks,

Barry

aero       | dns7.denic.de.       | 194.246.96.0/24
aero       | merapi.switch.ch.    | 130.59.0.0/16
aero       | ns3.knipp.de.        | 194.64.105.0/24
aero       | tld1.nominum.com.    | 198.133.199.0/24
aero       | tld2.nominum.com.    | 192.100.59.0/24
biz        | a.gtld.biz.          | 209.173.53.0/24
biz        | b.gtld.biz.          | 209.173.57.0/24
biz        | c.gtld.biz.          | 209.173.60.0/24
biz        | d.gtld.biz.          | 213.86.0.0/16
biz        | e.gtld.biz.          | 209.173.58.0/24
biz        | f.gtld.biz.          | 209.173.58.0/24
coop       | ns1.nic.coop.        | 198.133.199.0/24
coop       | ns2.nic.coop.        | 192.100.59.0/24
gov edu    | a3.nstld.com.        | 192.5.6.0/24
gov edu    | b3.nstld.com.        | 192.33.14.0/24
gov edu    | c3.nstld.com.        | 192.26.92.0/24
gov edu    | d3.nstld.com.        | 192.31.80.0/24
gov edu    | e3.nstld.com.        | 192.12.94.0/24
gov edu    | f3.nstld.com.        | 192.35.51.0/24
gov edu    | g3.nstld.com.        | 192.42.93.0/24
gov edu    | l3.nstld.com.        | 192.41.162.0/24
gov edu    | m3.nstld.com.        | 192.55.83.0/24
info       | tld1.ultradns.net.   | 204.74.112.0/24
info       | tld2.ultradns.net.   | 204.74.113.0/24
int        | ns.isi.edu.          | 128.9.0.0/16
int        | ns.uu.net.           | 137.39.0.0/16
int        | ns0.ja.net.          | 128.86.0.0/16
int        | ns0.ja.net.          | 193.60.0.0/14
int        | ns1.cs.ucl.ac.uk.    | 128.16.0.0/16
int museum | ns.icann.org.        | 192.0.34.0/24
mil        | con1.nipr.mil.       | 199.252.128.0/18
mil        | con2.nipr.mil.       | 199.252.128.0/18
mil        | eur1.nipr.mil.       | 199.252.154.0/24
mil        | eur2.nipr.mil.       | 199.252.128.0/18
mil        | pac1.nipr.mil.       | 199.252.180.0/24
mil        | pac2.nipr.mil.       | 199.252.155.0/24
museum     | dns1.getty.edu.      | 153.10.0.0/16
museum     | nic.icom.org.        | 195.7.64.0/19
museum     | nic.museum.          | 130.242.0.0/15
museum     | ns-ext.vix.com.      | 204.152.184.0/21
name       | a10.nstld.com.       | 192.5.6.0/24
name       | f10.nstld.com.       | 192.35.51.0/24
name       | g10.nstld.com.       | 192.42.93.0/24
name       | l10.nstld.com.       | 192.41.162.0/24
name       | ns1.nic.name.        | 193.109.220.0/24
name       | ns3.nic.name.        | 202.71.192.0/18
pro        | a.iana-servers.net.  | 192.0.34.0/24
pro        | b.iana-servers.net.  | 193.0.0.0/21
participants (1)
-
Barry Raveendran Greene
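The review the post asks for can be started mechanically. The following is an added example, not part of the original post or the templates: it parses rows in the table's `tld | server | prefix` layout and reports entries broader than /24, prefixes that carry several servers, and listed prefixes nested inside a broader listed one. The /24 threshold and all function names are assumptions of this example; the sample rows are a subset copied from the table above.

```python
import ipaddress
from collections import defaultdict

# Subset of rows copied from the table in the post: tld | server | prefix
ROWS = """\
aero | merapi.switch.ch. | 130.59.0.0/16
aero | tld1.nominum.com. | 198.133.199.0/24
biz | d.gtld.biz. | 213.86.0.0/16
biz | e.gtld.biz. | 209.173.58.0/24
biz | f.gtld.biz. | 209.173.58.0/24
coop | ns1.nic.coop. | 198.133.199.0/24
int | ns0.ja.net. | 193.60.0.0/14
mil | con1.nipr.mil. | 199.252.128.0/18
mil | con2.nipr.mil. | 199.252.128.0/18
mil | eur1.nipr.mil. | 199.252.154.0/24
mil | eur2.nipr.mil. | 199.252.128.0/18
"""

# Assumption: /24 is the longest IPv4 prefix generally accepted between
# providers, so anything shorter leaves room for a more-specific announcement.
MAX_LEN = 24

def parse(text):
    """Yield (tld, server, network); skip malformed rows and bad prefixes."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3 or not all(parts):
            continue
        try:
            yield parts[0], parts[1], ipaddress.ip_network(parts[2], strict=True)
        except ValueError:
            continue  # host bits set or not a prefix at all

def review(text, max_len=MAX_LEN):
    """Return (broad, shared, nested) findings for the listed prefixes."""
    by_net = defaultdict(set)
    for _tld, server, net in parse(text):
        by_net[net].add(server)
    # Entries broader than max_len: candidates for refinement to a more specific.
    broad = sorted((s, str(n)) for n, servers in by_net.items()
                   if n.prefixlen < max_len for s in servers)
    # Several server names behind one prefix: one route carries all of them.
    shared = {str(n): sorted(s) for n, s in by_net.items() if len(s) > 1}
    # A listed prefix that sits inside a broader listed prefix.
    nested = sorted((str(a), str(b)) for a in by_net for b in by_net
                    if a != b and a.subnet_of(b))
    return broad, shared, nested

if __name__ == "__main__":
    for label, result in zip(("broad", "shared", "nested"), review(ROWS)):
        print(label, result)
```
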