[Dnsmasq-discuss] dns-rebind - RFC 3330

Simon Kelley simon at thekelleys.org.uk
Tue Jun 12 15:29:57 BST 2012


On 12/06/12 11:14, Davy Stoffel wrote:
> Hi,
> 
> RFC 3330 defines some private ranges (like RFC 1918)
> Dnsmasq should not return these ranges.
> 
> For example, 192.0.2.0/24 (TEST-NET) is returned when dns-rebind is
> enabled (v 2.55).

I think that 192.0.2.0/24 is the only extra one there that might fit,
but does it really? DNS rebind attacks give access to internal
addresses, but no sane network should be using the TEST-NET address
internally. That's the equivalent of setting your internal domain to
example.com.

> 
> I see anything in the changelog related to this or maybe is it planned
> in future releases?


No current plans, but it could be added if a consensus appears that it's
a good idea.

Opinions, anyone?


Simon.
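
The policy question in this thread, as an added example that is not part of the original messages and is not dnsmasq's code: a rebind filter that drops upstream A-record answers pointing into blocked networks, run once with only the RFC 1918 ranges and once with TEST-NET added. The function name, the sample hostnames and the choice of RFC 1918 as the baseline blocklist are assumptions made for illustration.

```python
import ipaddress

# Baseline blocklist: the RFC 1918 private ranges (assumed baseline for this
# example, not a statement of what any dnsmasq version actually checks).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# TEST-NET from RFC 3330, the range the thread proposes adding.
TEST_NET = ipaddress.ip_network("192.0.2.0/24")


def rebind_filter(answers, extra_blocked=()):
    """Split upstream answers into (accepted, rejected).

    answers: iterable of (name, address-string) pairs.
    An answer is rejected when its address lies inside a blocked network.
    """
    blocked = RFC1918 + list(extra_blocked)
    accepted, rejected = [], []
    for name, addr in answers:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((name, addr))  # malformed address: fail closed
            continue
        if any(ip in net for net in blocked):
            rejected.append((name, addr))
        else:
            accepted.append((name, addr))
    return accepted, rejected


# Constructed sample answers; hostnames are made up.
SAMPLE = [
    ("www.example.test", "198.51.100.7"),    # stands in for a public address
    ("rebind.example.test", "192.168.1.1"),  # typical home-router address
    ("edge.example.test", "172.32.0.1"),     # just outside 172.16.0.0/12
    ("doc.example.test", "192.0.2.5"),       # TEST-NET
]

if __name__ == "__main__":
    for label, extra in (("RFC 1918 only", ()), ("plus TEST-NET", (TEST_NET,))):
        ok, bad = rebind_filter(SAMPLE, extra)
        print(label, "-> rejected:", [a for _, a in bad])
```

The only answer whose fate changes between the two runs is the TEST-NET one, which is the narrow difference the thread is weighing.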



