[Dnsmasq-discuss] configurable stop-dns-rebind?
clemens fischer
ino-news at spotteswoode.dnsalias.org
Tue May 11 23:23:23 BST 2010
Simon Kelley wrote:
> OK, try test25, in the usual place. I called the option
> --rebind-domain-ok but otherwise it's as Clemens describes.
What can I say? It just works! I have "stop-dns-rebind" on and three
dnsbl's configured:
--rebind-domain-ok=/zen.spamhaus.org/
--rebind-domain-ok=/dnsbl-1.uceprotect.net/
--rebind-domain-ok=/ix.dnsbl.manitu.net/
The smtp server (postfix) does its lookups and gets the proper results
in the 127/8 range. Then I removed the above arguments from dnsmasq's
command line: now I see "possible DNS-rebind attack detected" for
connecting IPs listed for spamming.
A perfect result!
clemens
More information about the Dnsmasq-discuss
mailing list