[Unbound-users] Filtering unbound Responses (DNS Rebinding issue)

7v5w7go9ub0o 7v5w7go9ub0o at gmail.com
Fri Aug 8 14:35:40 UTC 2008

Florian Weimer wrote:
>> private IP addresses (,,,
>> and
> Filtering 127/8 would break DNSBLs, so you can't really do this.

Sorry; I'm a newbie and don't understand the problem.

1. If I want to install a black list, I'd expect to find it as a 
configuration option.

2. I don't see any configuration items specifically titled "DNSBL"; 
closest option seems to be local-data:

# You can override certain queries with
# local-data: "adserver.example.com A"

3. This request simply blocks external replies that resolve to private 
addresses; how could some external name server legitimately resolve to a 
127/8 address within my computer?

At any rate, if it is a configuration alternative, the local 
administrator could determine whether it would be advantageous or 

Thank you for considering this!

More information about the Unbound-users mailing list