[Unbound-users] Filtering unbound Responses (DNS Rebinding issue)
7v5w7go9ub0o
7v5w7go9ub0o at gmail.com
Fri Aug 8 14:35:40 UTC 2008
Florian Weimer wrote:
>> private IP addresses (127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8,
>> 172.16.0.0/12 and 169.254.0.0/16)
>
> Filtering 127/8 would break DNSBLs, so you can't really do this.
>
Sorry; I'm a newbie and don't understand the problem.

1. If I want to install a black list, I'd expect to find it as a
configuration option.

2. I don't see any configuration items specifically titled "DNSBL";
closest option seems to be local-data:

    # You can override certain queries with
    # local-data: "adserver.example.com A 127.0.0.1"

3. This request simply blocks external replies that resolve to private
addresses; how could some external name server legitimately resolve to a
127/8 address within my computer?

At any rate, if it is a configuration alternative, the local
administrator could determine whether it would be advantageous or
problematic.

Thank you for considering this!
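
Added example, not part of the original message and not Unbound code: a sketch of the requested filter over the address ranges quoted above, with an administrator-set list of exempt zones so that DNSBL answers in 127/8 still pass. The zone names, function names and sample records are hypothetical and constructed for illustration.

```python
import ipaddress

# Address ranges listed in the quoted request.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8",
    "172.16.0.0/12", "169.254.0.0/16")]

# Hypothetical zones the local administrator allows to return private
# addresses (a DNSBL that answers in 127/8, an internal zone).
EXEMPT_ZONES = ("dnsbl.example.org", "corp.example.net")


def in_zone(name, zone):
    """True if name is the zone itself or a subdomain of it.

    The comparison is label-aligned, so "notdnsbl.example.org" does not
    match the zone "dnsbl.example.org".
    """
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def filter_answer(records, exempt_zones=EXEMPT_ZONES):
    """Split the A records of an upstream answer into (kept, dropped).

    records is a list of (owner_name, ipv4_string). A record is dropped
    when its address is in PRIVATE_NETS and its owner name is not in an
    exempt zone.
    """
    kept, dropped = [], []
    for owner, addr in records:
        ip = ipaddress.ip_address(addr)
        private = any(ip in net for net in PRIVATE_NETS)
        exempt = any(in_zone(owner, z) for z in exempt_zones)
        (dropped if private and not exempt else kept).append((owner, addr))
    return kept, dropped


# Constructed sample answers from an external name server.
SAMPLE = [
    ("www.example.com", "93.184.216.34"),          # public address
    ("rebind.example.com", "192.168.1.1"),         # private, not exempt
    ("2.0.0.127.dnsbl.example.org", "127.0.0.2"),  # DNSBL listing, exempt
    ("notdnsbl.example.org", "127.0.0.1"),         # look-alike, not exempt
]

if __name__ == "__main__":
    kept, dropped = filter_answer(SAMPLE)
    print("kept:", kept)
    print("dropped:", dropped)
```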