[Dnsmasq-discuss] dns-rebind - RFC 3330

Simon Kelley simon at thekelleys.org.uk
Tue Jun 12 15:29:57 BST 2012

On 12/06/12 11:14, Davy Stoffel wrote:
> Hi,
> RFC 3330 defines some private ranges (like RFC 1918)
> Dnsmasq should not return these ranges.
> For example, (TEST-NET) is returned when dns-rebind is
> enabled (v 2.55).

I think that is the only extra one there that might fit,
but does it really? DNS rebind attacks give access to internal
addresses, but no sane network should be using the TEST-NET address
internally. That's the equivalent of setting your internal domain to

> I see anything in the changelog related to this or maybe is it planned
> in future releases ?

No current plans, but it could be added if a consensus appears that it's
a good idea.

Opinions, anyone?


More information about the Dnsmasq-discuss mailing list