3

I set up Unbound in my local network as a local DNS resolver. I noticed that it will not filter any private IP addresses in the resolved domains and forward any IP address that a domain resolves to.

In order to protect against DNS rebinding, I would like to make Unbound not return any private IP addresses from public domains to the clients, however I haven't found any information on that from the official documentation. Apparently dnsmasq does this protection by default.

comfreak
  • 1,451
  • 1
  • 21
  • 32

1 Answers1

5

That is called private-address: in Unbound. See this document and look for "private-address: "

Matt
  • 1,537
  • 8
  • 11
Aaron
  • 2,809
  • 2
  • 11
  • 29