Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-10-01 00:55:42 -04:00
Code Issues Packages Projects Releases Wiki Activity

unbound: block dns rebinding

Browse Source 
Blocking RFC 1918 addresses too is unlikely to be useful on your setup, but may be in case you add something like a VPC in the future.
This commit is contained in:
Orazio 2023-10-04 13:39:59 +02:00 committed by Daniel Micay
parent cb0007f816
commit 9aba6192e7
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
unbound.conf
View File

@ -14,6 +14,17 @@ server:
outgoing-port-avoid: 8008 # synapse outgoing-port-avoid: 8008 # synapse
outgoing-port-avoid: 8080 # attestation outgoing-port-avoid: 8080 # attestation
# Block DNS rebinding
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: fd00::/8
private-address: 169.254.0.0/16
private-address: fe80::/10
private-address: 127.0.0.0/8
private-address: ::1/128
private-address: ::ffff:0:0/96
# AF21 # AF21
ip-dscp: 18 ip-dscp: 18