Correction #14123
closed
DNS Rebinding pfsense documentation
Description
DNS protection documentation here: <https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-protection> states:
"When DNS rebinding attack protection is active the DNS Resolver strips RFC 1918 addresses from DNS responses."
This type of protection comes from the pfsense GUI Disable DNS Rebinding Checks, which uses the private-address: setting from unbound. Activating this option removes addresses in the 127.0.0.0/8 range on top of the private RFC 1918 addresses.
Feel free to call me an idiot, but I believe the 127.0.0.0/8 range is not included in RFC 1918, thus a correction should be helpful for people that use DNSBL, which often use that range.
The unbound documentation explicitly states how using this range hinders spamblocklists. <https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html>
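To illustrate the report above (an added example, not part of the original ticket and not pfSense or Unbound code): a small model of address stripping that compares an RFC 1918-only list with the list the report describes, which also includes 127.0.0.0/8. The host names, the DNSBL zone and the answers are constructed sample data.

```python
import ipaddress

# The three RFC 1918 private ranges, and nothing else.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# The set described in the report: RFC 1918 plus loopback.
RFC1918_PLUS_LOOPBACK = RFC1918 + [LOOPBACK]

ZONE = "dnsbl.example.org"  # hypothetical DNSBL zone

# Constructed A-record answers as (owner name, address) pairs.
ANSWERS = [
    ("www.example.com", "203.0.113.10"),       # ordinary public answer
    ("rebind.example.net", "192.168.1.1"),     # answer pointing into the LAN
    ("2.0.0.127." + ZONE, "127.0.0.2"),        # DNSBL "listed" reply
]


def strip_private(answers, private_nets):
    """Model of rebinding protection: drop every A record whose address
    falls inside one of private_nets. Returns (kept, stripped)."""
    kept, stripped = [], []
    for name, addr in answers:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in private_nets):
            stripped.append((name, addr))
        else:
            kept.append((name, addr))
    return kept, stripped


def dnsbl_listed(answers, zone):
    """A DNSBL client sees a hit only if a 127.0.0.0/8 answer under the
    zone survives filtering."""
    return any(name.endswith("." + zone)
               and ipaddress.ip_address(addr) in LOOPBACK
               for name, addr in answers)


if __name__ == "__main__":
    for label, nets in (("RFC 1918 only", RFC1918),
                        ("RFC 1918 + 127.0.0.0/8", RFC1918_PLUS_LOOPBACK)):
        kept, stripped = strip_private(ANSWERS, nets)
        print(label)
        print("  stripped:", stripped)
        print("  DNSBL hit visible:", dnsbl_listed(kept, ZONE))
```

Both lists strip the LAN-pointing answer; only the list that includes 127.0.0.0/8 also removes the DNSBL reply, so the lookup appears as "not listed" to the client.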