[Dnsmasq-discuss] dns-rebind - RFC 3330
simon at thekelleys.org.uk
Tue Jun 12 15:29:57 BST 2012
On 12/06/12 11:14, Davy Stoffel wrote:
> RFC 3330 defines some private ranges (like RFC 1918)
> Dnsmasq should not return these ranges.
> For example, 192.0.2.0/24 (TEST-NET) is returned when dns-rebind is
> enabled (v 2.55).
I think that 192.0.2.0/24 is the only extra one there that might fit,
but does it really? DNS rebind attacks give access to internal
addresses, but no sane network should be using the TEST-NET address
internally. That's the equivalent of setting your internal domain to
> I see anything in the changelog related to this or maybe is it planned
> in future releases ?
No current plans, but it could be added if a consensus appears that it's
a good idea.
More information about the Dnsmasq-discuss