respond with fake IP for DNS rebinding hits?

sebastian sebastian at sebbe.eu
Wed Nov 19 11:41:21 UTC 2025


I currently have an unbound server. However, with some mail providers using the "exists:" mechanism and returning 127.0.0.1, this obviously triggers a DNS rebinding protection and SERVFAIL. This ultimately leads to an SPF rejection. Is there any way to configure unbound so that, if the rebinding protection trips, it will instead return a non-routable bogus IP like "192.0.2.123" (documentation only), which both ensures the "exists:" mechanism works as intended and also protects the localhost if a malicious actor were to do a rebinding attack? I'm thinking of excluding 127.0.0.0/8 from private address, and then using some sort of rewriting mechanism, if this exists in unbound?