unbound DNS rebind protection


While working on my DNS firewalling @home I was studying unbound.conf and found what I already had forgotten, unbound’s DNS rebinding protection.

DNS rebinding is an attack where a malicious website uses your browser to resolve internal addresses (e.g. RFC1918) in order to get its hands on internal resources such as your router's admin interface. There have been attacks in the wild using that technique and I bet there still are. rebind.network is a site that actually tries to find some internal resources on your network; the site needs JavaScript. Anywho and without further ado, here’s the setting that I am running on my unbound – courtesy of unbound.conf(5):

private-address: 10.0.0.0/8 
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
private-domain: my.lan.domain
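
What these settings do to an answer, as an added example that is not part of the original post and not unbound's own code: a simplified Python model of the behaviour unbound.conf(5) describes (addresses in a private-address range are removed from answers unless the queried name falls under a private-domain). The function names and the sample queries in the test are constructed for illustration.

```python
import ipaddress

# The settings from the post, embedded as sample input.
CONF = """\
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
private-domain: my.lan.domain
"""

def parse_conf(text):
    """Collect private-address networks and private-domain names."""
    nets, domains = [], []
    for line in text.splitlines():
        # Split on the first colon only, so IPv6 values stay intact.
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "private-address":
            nets.append(ipaddress.ip_network(value))
        elif key == "private-domain":
            domains.append(value.lower().rstrip("."))
    return nets, domains

def is_private_domain(qname, domains):
    """True for a listed domain itself or any of its subdomains."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def filter_answer(qname, addresses, nets, domains):
    """Drop private addresses from an answer unless the name is exempt."""
    if is_private_domain(qname, domains):
        return list(addresses)
    kept = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # Membership is False across IP versions, so mixed v4/v6 is safe.
        if not any(ip in net for net in nets):
            kept.append(addr)
    return kept

NETS, DOMAINS = parse_conf(CONF)
```
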
--EOF