--- djbdns-1.05/query.c.orig 2001-02-12 06:11:45.000000000 +0900
+++ djbdns-1.05/query.c 2007-11-12 16:12:29.000000000 +0900
@@ -157,6 +157,19 @@
 return 0;
 }
+static int ignoreip(const void* _ip)
+{
+ const unsigned char* ip = _ip;
+ if (ip[0] == 10
+ || ip[0] == 127
+ || ip[0] == 172 && (16 <= ip[1] && ip[1] <= 31)
+ || ip[0] == 192 && ip[1] == 168)
+ return 1;
+ return 0;
+}
+
+#define INVALIDIP "\xa9\xfe\0\0"
+
 static int doit(struct query *z,int state)
 {
 char key[257];
@@ -643,7 +656,10 @@
 pos = dns_packet_copy(buf,len,pos,header,10); if (!pos) goto DIE;
 if (byte_equal(header + 8,2,"\0\4")) {
 pos = dns_packet_copy(buf,len,pos,header,4); if (!pos) goto DIE;
- save_data(header,4);
+ if (!ignoreip(header))
+ save_data(header,4);
+ else
+ save_data(INVALIDIP,4);
 log_rr(whichserver,t1,DNS_T_A,header,4,ttl);
 }
 ++i;
@@ -764,6 +780,14 @@
 pos2 = dns_packet_copy(buf,len,pos2,misc,20); if (!pos2) goto DIE;
 if (!response_addbytes(misc,20)) goto DIE;
 }
+ else if (typematch(header,DNS_T_A)) {
+ if (pos + datalen > len) goto DIE;
+ if (!ignoreip(buf + pos)) {
+ if (!response_addbytes(buf + pos,datalen)) goto DIE;
+ } else {
+ if (!response_addbytes(INVALIDIP,4)) goto DIE;
+ }
+ }
 else {
 if (pos + datalen > len) goto DIE;
 if (!response_addbytes(buf + pos,datalen)) goto DIE;
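Review bot: ignoreip() in the first hunk has no comment saying which ranges it rejects or why, and the list looks incomplete for what appears to be a rebinding filter: 0.0.0.0/8 and link-local 169.254.0.0/16 still pass through. Consider adding `|| ip[0] == 0` and `|| (ip[0] == 169 && ip[1] == 254)`, and parenthesising the two `&&` terms so the precedence is explicit and `-Wparentheses` stays quiet. A header comment such as `/* Return 1 if the 4-byte address is loopback or RFC 1918 private space; such answers are replaced with INVALIDIP (169.254.0.0). */` would record the intent. It should also state that only A records are checked, since none of the visible hunks inspects AAAA data.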
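Review bot: In the A-record caching branch of the second hunk, `log_rr(whichserver,t1,DNS_T_A,header,4,ttl)` still logs the upstream address while the cache now receives INVALIDIP, and nothing in the log marks that a substitution happened. A filtered answer is therefore indistinguishable from a normal one when reading the log; either add a comment such as `/* log keeps the upstream address; cache holds INVALIDIP for filtered answers */` or emit a distinct log entry for the filtered case. The substitution is also unconditional, so names that legitimately resolve to private addresses (internal zones, if this cache serves any) will be answered with 169.254.0.0, which is worth documenting or making configurable. The enclosing loop starts and ends outside the hunk.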
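Review bot: The new `typematch(header,DNS_T_A)` branch in the third hunk never checks that `datalen` is 4 before calling `ignoreip(buf + pos)` and before substituting the 4-byte INVALIDIP. With a shorter RDATA, ignoreip() reads `ip[1]` beyond the bytes covered by the `pos + datalen > len` check, which at the end of the packet is past `len`. With any other length, the 4 substituted bytes no longer match the record length that was presumably already copied into the response above this hunk. Adding `if (datalen != 4) goto DIE;` right after the bounds check would reject malformed A records instead of filtering them on partial data. The if/else chain this branch joins begins outside the hunk.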