Bogon Check
free/v1/ip/bogonIdentifies bogon IP addresses - IPs from private, reserved, or special-purpose ranges as defined by IANA and various RFCs (RFC 1918, RFC 5737, RFC 6598, RFC 4193). Supports both IPv4 and IPv6. Critical for firewall hardening, spoofed traffic detection, and input validation.
What It Does
Checks if an IPv4 or IPv6 address falls within any IANA-defined special-purpose range. For IPv4, checks 16 ranges including: private networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 per RFC 1918), CGNAT (100.64.0.0/10 per RFC 6598), loopback (127.0.0.0/8), link-local (169.254.0.0/16), documentation (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 per RFC 5737), benchmarking (198.18.0.0/15), multicast (224.0.0.0/4), and reserved (240.0.0.0/4). For IPv6, checks unique-local (fc00::/7 per RFC 4193), link-local (fe80::/10), loopback (::1), and more. Returns the bogon type, matching CIDR range, RFC reference, and whether it is specifically a private address.
Why It's Useful
Bogon traffic on the public internet indicates either network misconfiguration or IP spoofing attacks. Filtering bogons is a fundamental network security practice recommended by NIST, SANS, and FIRST. This endpoint helps developers validate user-submitted IPs, network engineers audit firewall rules, and SOC analysts detect spoofed traffic in real-time.
Use Cases
Firewall Rule Validation
Audit firewall allowlists and ACLs to ensure no bogon ranges are accidentally permitted, especially CGNAT (100.64.0.0/10) ranges that are commonly misconfigured.
Eliminate security holes from misconfigured firewall rules that allow reserved address space.
Spoofed Traffic Detection
Flag incoming traffic from bogon IP addresses at the network edge as definitively spoofed, since these addresses cannot exist on the public internet.
Instant, zero-false-positive detection of IP spoofing attacks in traffic analysis.
API Input Validation
Validate user-submitted IP addresses in registration forms and API requests to reject private or reserved ranges that indicate test data, misconfiguration, or abuse.
Ensure data quality and prevent SSRF-like attacks by rejecting non-routable addresses at the application layer.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
ip | string | Required | The IPv4 or IPv6 address to checkExample: 192.168.1.1 |
Response Fields
| Field | Type | Description |
|---|---|---|
ip | string | The queried IP address |
is_bogon | boolean | Whether IP is a bogon (non-routable) address |
bogon_type | string | Classification: private, loopback, link_local, multicast, carrier_grade_nat, documentation, benchmarking, reserved, broadcast, unspecified, unique_local |
description | string | Human-readable description of the range purpose |
rfc | string | RFC defining the reserved range (e.g., RFC 1918, RFC 6598) |
ip_version | number | IP version: 4 or 6 |
is_private | boolean | Whether the IP is specifically a private address (RFC 1918 / RFC 4193) |
matched_range | string | The matching CIDR range (e.g., 10.0.0.0/8), null if not bogon |
Code Examples
curl "https://api.edgedns.dev/v1/ip/bogon" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "ip=192.168.1.1"const response = await fetch(
'https://api.edgedns.dev/v1/ip/bogon?ip=192.168.1.1',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/ip/bogon',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'ip': '192.168.1.1'
}
)
data = response.json()
print(data)Read the full Bogon Check guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.