Leslie wrote: [..]
It seems to me like the best solution might be a semi-hacky solution of asking arin (and other IRR's) if i can copy its DB and creating an internal peer which null routes unallocated blocks (updated nightly?)
What you want to take is: $rirs = array( "afrinic" => "ftp://ftp.ripe.net/pub/stats/afrinic/delegated-afrinic-latest", "apnic" => "ftp://ftp.ripe.net/pub/stats/apnic/delegated-apnic-latest", "arin" => "ftp://ftp.arin.net/pub/stats/arin/delegated-arin-latest", "lacnic" => "ftp://ftp.ripe.net/pub/stats/lacnic/delegated-lacnic-latest", "ripe" => "ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest", "brnic" => "ftp://ftp.registro.br/pub/stats/delegated-ipv6-nicbr-latest", //// Avoid broken/slow servers: //// "afrinic" => "ftp://ftp.afrinic.net/pub/stats/afrinic/delegated-afrinic-latest", //// "apnic" => "ftp://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest", //// "lacnic" => "ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-latest", ); Yes, generally the latter three are broken, but as they are mirrored to RIPE anyway, you can just pull them off there. Then you have all IPv4 and IPv6 delegated blocks. If it is not in there, it is a bogon. Yes, those are updated only once in a day or so, thus if some one is going to start using the block before it is published in those files you will get some false-positives, but then ask the question why they get a block up so quickly and start spamming you in the first place..... Those /stats/ dirs contain other useful things btw. Greets, Jeroen