Binding to non-local IP addresses
Tomas Simonaitis
tomas.simonaitis at gmail.com
Thu Mar 21 19:25:43 UTC 2024
Hi,
You should not add these IPs to your interface or set them in unbound config.
Instead, search for the iptables redirect rule - using it you will be able to redirect traffic to selected foreign IPs to your router IP.
> On 21 Mar 2024, at 20:32, Bruno Blanes via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
>
>
> Hi folks,
> I’ve seen a lot of home routers, mainly ZTE and D-Link, being attacked and having their LAN DNS changed to random servers with malicious intent. I am redirecting requests to those servers into my Unbound machine and I can see the requests flow through tcpdump, however I can’t get Unbound to reply.
> I’ve set ip-freebind, but I can only get Unbound to reply if I also set the address in an interface, but this isn’t practical given that I’d have to know all malicious DNS on the web and maintain a list of them on my interfaces.
> Has anyone done anything similar and got it working?
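
Added example, not part of the original messages: a sketch of the redirect approach suggested in the reply, printing iptables rules that send LAN DNS queries addressed to any non-local IP to the resolver on the router, so no foreign address has to be bound and `ip-freebind` is not needed. The interface name `br-lan` and the helper name `dns_redirect_rules` are assumptions; Unbound is assumed to listen on the LAN address with an `access-control` entry allowing the LAN.

```shell
#!/bin/sh
# Added example: prints the rules only, nothing is applied.
# LAN_IF default "br-lan" and resolver port 53 are assumptions; adjust them.

dns_redirect_rules() {
    lan_if="$1"          # interface the LAN clients arrive on
    port="${2:-53}"      # local port Unbound listens on
    for proto in udp tcp; do
        # nat/PREROUTING is evaluated before the routing decision.
        # addrtype restricts the rule to destinations that are not one of
        # this host's own addresses, i.e. the "foreign" DNS servers.
        # REDIRECT rewrites the destination to the primary address of the
        # incoming interface; connection tracking restores the original
        # address on the reply, so the client accepts the answer.
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 -m addrtype ! --dst-type LOCAL -j REDIRECT --to-ports %s\n' \
            "$lan_if" "$proto" "$port"
    done
}

dns_redirect_rules "${LAN_IF:-br-lan}"
```

Review the printed rules, then run them as root; `iptables -t nat -L PREROUTING -n -v` shows per-rule packet counters to confirm the redirect is matching.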