[Dnsmasq-discuss] stop-dns-rebind and IPv6

dnsmasq at flyingout.name dnsmasq at flyingout.name
Thu Sep 9 01:38:42 BST 2010

On Wed, 08 Sep 2010 22:24 +0100, "Simon Kelley"
<simon at thekelleys.org.uk> wrote:
> dnsmasq at flyingout.name wrote:

> > Is there a way to block the AAAA records as well?
> No but there probably should be.


> What IPv6 ranges need to be blocked? the IPv4-mapped ones obviously, but
> ::1 also? What about the fe80:: link-local addresses.

Good question. (And I'll admit that I'm no expert here.) Definitely the
IPv4 mapped and ::1. From an ongoing discussion I've been having
elsewhere, here's a list for discussion:

RFC1918:            ::ffff:         ::ffff:         ::ffff:
And loopback:           ::ffff:

There was a suggestion for:

although I'm not sure there's much of a threat there. On the other hand,
they don't have much reason to be coming from public resolvers, either.


More information about the Dnsmasq-discuss mailing list