Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS query to RBL blacklists return no answer

    DHCP and DNS
    6
    24
    2.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      serbus
      last edited by

      Hello!

      You could convert the redmine issue into a feature request and ask that the gui provide more granular control in the nodnsrebindcheck option, such as the ability to exclude or modify some ranges.

      It is interesting to see how our "friends" are approaching this...

      https://github.com/opnsense/core/issues/3692

      John

      Lex parsimoniae

      1 Reply Last reply Reply Quote 0
      • D
        digdug3 @netblues
        last edited by

        @netblues Yes, exactly, and 127.0.0.1/32 (only localhost) isn't used. Even if they say "127.0.0.0/24".

        If I check an IP-address at http://multirbl.valli.org/ (many blocklists). Also a return code of 127.0.0.1 isn't used by any blocklist.

        DNS Rebinding attacks use local addresses, that's why Unbound blocks private IPv4 addresses (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16). Anything other then 127.0.0.1 (localhost) isn't normally used.

        @serbus I think you are right, it should be a "feature". Could you change the report to a feature request?

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Any address in 127/8 is loopback. Yes, 127.0.0.1 is the most common to find on a workstation but there may be others as well, anywhere in that range.

          Only doing rebind protection for 127.0.0.1/32 is a bit of a dangerous/insecure assumption.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          D 1 Reply Last reply Reply Quote 0
          • D
            digdug3 @jimp
            last edited by

            @jimp said in DNS query to RBL blacklists return no answer:

            Any address in 127/8 is loopback. Yes, 127.0.0.1 is the most common to find on a workstation but there may be others as well, anywhere in that range.

            Only doing rebind protection for 127.0.0.1/32 is a bit of a dangerous/insecure assumption.

            Thank you @jimp for the response. Is it possible to allow these 127.0.0.1/24 responses for one ip on the LAN and block it for all others?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.