Skip to content

Commit 243947f

Browse files
rrobgillrrobgill
committed
Prevent reverse dns requests from non-routable zones. (RFC6303 4.2)
Additional DNS zones entered as private-address to align with RFC6303. Signed-off-by: Rob Gill <[email protected]>
1 parent 2619cac commit 243947f

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

docs/guides/dns/unbound.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,13 @@ server:
145145
private-address: 10.0.0.0/8
146146
private-address: fd00::/8
147147
private-address: fe80::/10
148+
149+
# Ensure no reverse queries to non-public IP ranges (RFC6303 4.2)
150+
private-address: 192.0.2.0/24
151+
private-address: 198.51.100.0/24
152+
private-address: 203.0.113.0/24
153+
private-address: 255.255.255.255/32
154+
private-address: 2001:db8::/32
148155
```
149156
150157
Start your local recursive server and test that it's operational:

0 commit comments

Comments
 (0)