Bogon Ranges: a beginner's guide

A bogon range is the underlying list of IP address blocks that any sensible network considers "never legitimate as a public source." Where the previous concept (a single bogon IP) is one address you check, the bogon ranges are the full reference list of every block that should be filtered. Network engineers, security teams, firewall vendors, and ISPs use this list as the foundation for edge filtering, abuse detection, and spam-source identification. The list itself is maintained by several authoritative groups: the Internet Assigned Numbers Authority (IANA) publishes the master list of unallocated address space; the Regional Internet Registries (RIRs) publish the lists of allocated-but-unused space; and community groups like Team Cymru publish a continuously-updated combined feed.

You should care because the bogon ranges shift over time as IANA allocates new address space, and a stale bogon list can do active harm. There have been multiple high-profile incidents where ISPs continued to filter address ranges that had been recently allocated to legitimate users — the result was that a chunk of the new internet was unreachable from the old. Knowing where to get the current list, and knowing how often to update it, is one of those small operational details that distinguishes a properly run network from one that has been on autopilot too long.

The five sources every bogon-ranges reference includes:

• IANA's master assignment list. The authoritative source for which `/8` blocks have been delegated to which RIR.

• The five RIR allocation databases. ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC each publish daily snapshots.

• Special-use address registry. RFC 6890 defines all special-use IPv4 ranges (private, loopback, link-local, multicast, etc.).

• The full bogon feed. Team Cymru and a few others combine all the above into a single rolling list, updated daily.

• IPv6 bogons. The IPv6 bogon list is much shorter (because most of the address space is still unallocated) and is critical for IPv6-aware firewalls.

Three questions a bogon ranges check answers:

• Is my firewall or BGP router using the current bogon list, or one from years ago?

• Are any of my filter rules accidentally blocking legitimate traffic from newly-allocated address space?

• For an audit, can I produce the exact bogon list I am filtering against?

The cost of using a stale bogon list is silently breaking connectivity to legitimate users on newly-allocated address space. The fix is to subscribe to a real-time feed from Team Cymru or to pull from the IANA registries directly. This is the kind of operational hygiene that pays compounding dividends and is invisible until it isn't.

In one sentence: Get all bogon [IP (Internet Protocol address)](/guides/ip-geolocation) ranges with RFC (Request for Comments) references

Returns the complete list of bogon IP (Internet Protocol address) ranges sourced from the IANA Special-Purpose Address Registries (the official internet standard, the official internet standard). Includes both IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) ranges with CIDR (Classless Inter-Domain Routing) notation, classification, description, and RFC (Request for Comments) references. Use this to build local validation logic or generate firewall rules.

Don't worry if some of the words above are still unfamiliar — there's a plain-language glossary at the bottom of this page, and most of the terms link to their own beginner guides if you want to learn more.

Here's what's actually happening behind the scenes when you call this endpoint:

Returns all IANA-defined special-purpose address ranges for both IPv4 (Internet Protocol version 4) (16 ranges) and IPv6 (Internet Protocol version 6) (12 ranges). Each entry includes CIDR (Classless Inter-Domain Routing) notation, bogon type classification (private, loopback, link_local, multicast, documentation, carrier_grade_nat, benchmarking, reserved, broadcast, unspecified, unique_local), human-readable description, governing RFC (Request for Comments) reference, and IP (Internet Protocol address) version indicator. Data is sourced from the official internet standard and the official internet standard.

If you're using an AI assistant through MCP, you don't need to understand any of the technical details — the assistant calls the tool and translates the result for you.

Let's skip the marketing fluff and answer the only question that actually matters: why should you, a real human with a real to-do list, care about the Bogon Ranges tool? Here's the plain-English version, written the way you'd hear it from a friend who happens to do this for a living.

Build or update local bogon filtering logic with authoritative, machine-readable range data. Essential for generating firewall ACLs, implementing client-side IP (Internet Protocol address) validation, and maintaining accurate ingress/egress filtering per BCP 38 (the official internet standard). Eliminates the need to manually track RFC (Request for Comments) updates to the IANA special-purpose registries.

Picture this in real life. Imagine a network engineer. Here's the situation they're walking into: from your own code or AI assistant generate iptables, pf, or cloud security group rules to block all bogon ranges at the network edge, following BCP 38 (the official internet standard) ingress filtering recommendations. Without the right tool, that person would be stuck copy-pasting between five browser tabs, reading documentation written for engineers, and crossing their fingers that the answer they cobble together is correct. With the Bogon Ranges tool, the same person gets a clear answer in seconds — no spreadsheets, no guessing, no waiting for someone on the infrastructure team to free up.

Three questions this tool answers in plain English. If any of these have ever crossed your mind, the Bogon Ranges tool is built for you:

• Is this domain or IP address known for fraud, phishing, or abuse?

• Should my signup form, payment flow, or comment system trust this visitor?

• Is someone out there registering lookalike domains targeting my brand?

You can either click the tool and get the answer yourself, or ask your AI assistant — connected through MCP (Model Context Protocol) — to ask the question for you and translate the answer into something you can paste into Slack.

Who gets the most out of this. Trust and safety teams, fraud analysts, brand-protection managers, security operations engineers, and product teams running open signup flows. If you see yourself in that list, this is one of the EdgeDNS tools you should bookmark today.

What happens if you skip this entirely. Skip it and you find out a domain or IP was malicious only after it has already cost you money or trust. That's why running this check — even once a month — is one of the cheapest forms of insurance you can give your domain.

If you're still on the fence about whether the Bogon Ranges tool belongs in your toolbox, this section is for you. Below you'll meet three real people — a network engineer, a backend developer, and a security researcher — facing three real situations where this tool turns a stressful afternoon into a five-minute task. Read whichever story sounds closest to your week.

Story 1: Firewall Rule Generation

Imagine you're a network engineer. from your own code or AI assistant generate iptables, pf, or cloud security group rules to block all bogon ranges at the network edge, following BCP 38 (the official internet standard) ingress filtering recommendations.

Why it matters: Comprehensive, up-to-date bogon blocking rules generated from authoritative IANA data.

Story 2: Client-Side IP Validation Library

Imagine you're a backend developer. Cache the bogon range list locally to build high-performance IP (Internet Protocol address) validation in your application without per-request API (Application Programming Interface) calls, refreshing periodically.

Why it matters: Sub-millisecond local bogon validation with zero API (Application Programming Interface) latency, suitable for hot-path request processing.

Story 3: Security Research & Documentation

Imagine you're a security researcher. Reference the complete, RFC-sourced bogon range list for security research papers, network architecture documentation, or compliance audit evidence.

Why it matters: Authoritative, structured reference data with full RFC (Request for Comments) provenance for documentation and research.

Common situations across teams. Beyond the three stories above, here are the everyday workplace moments when people across the company reach for the Bogon Ranges tool — or one of the tools right next to it in this category. If any of these are on your calendar this month, that's your sign:

• Inside a signup form, payment flow, or comment system, to score risk in real time.

• When investigating a customer complaint about a suspicious link or message.

• On a recurring schedule, to monitor lookalike domains targeting your brand.

• During incident response, to enrich an alert with reputation context.

If you can see yourself in even one of those bullets, the Bogon Ranges tool will pay for itself the first time you use it.

Still not sure? Here's the easiest test in the world. Open Claude, ChatGPT, Gemini, or any other AI assistant connected to the EdgeDNS MCP server and ask, in your own words: "Is the Bogon Ranges tool useful for my job?" The assistant will look at the tool, ask you a couple of follow-up questions about what you're trying to accomplish, and give you a straight answer in plain English. No commitment, no signup forms, no jargon.

If you've connected the EdgeDNS MCP server to Claude, ChatGPT, Gemini, Cursor, or any other AI assistant, you don't need to write any code. Just ask in plain English:

"Use the Bogon Ranges tool to check example.com and explain anything that looks wrong in plain language."

The AI will figure out which tool to call, fill in the right parameters, run it, and then explain the result back to you. No copy-pasting between tabs. No reading raw JSON. No memorizing endpoint names.

If you're a developer and want to call the endpoint from a script or your own application, here's the simplest possible example. Replace the placeholder API key with the real one from your dashboard.

Good news: this tool takes no parameters at all. You just authenticate and call it — the endpoint figures everything else out from your account.

When you call this tool, you'll get back a JSON object with the fields below. If you're talking to it through an AI assistant, the assistant reads these for you and explains them in plain language — you don't need to memorize them.

These tools pair naturally with Bogon Ranges. If you're already running this check, the related ones often answer the next question that comes up:

• Bogon Check — Check if IP is private, reserved, or bogon

If you're using an AI assistant through MCP (Model Context Protocol), you can ask it to run several of these in one go: "Check Bogon Ranges and the related tools for example.com and tell me what looks off."

If any words on this page felt like jargon, here's a plain-language version. Click any linked term to read a full beginner-friendly guide.

IP (Internet Protocol address) — A unique number that identifies a computer on the internet, like a phone number for a server.

API (Application Programming Interface) — A way for one program to ask another program for something — like a waiter taking your order to the kitchen.

CIDR (Classless Inter-Domain Routing) — A shorthand way of describing a range of IP addresses, like 192.168.1.0/24. The number after the slash says how many addresses are in the range.

IPv4 (Internet Protocol version 4) — The original kind of internet address — four numbers separated by dots, like 203.0.113.10. The internet has run out of new ones, which is why IPv6 exists.

IPv6 (Internet Protocol version 6) — The newer, longer kind of internet address. Looks like 2001:0db8:85a3::8a2e:0370:7334. Designed because the world ran out of IPv4 addresses.

RFC (Request for Comments) — The official internet standards documents. When someone says 'RFC 8484' they mean a specific numbered standards document — in that case, the one defining DNS over HTTPS.