Rebinding protection

This provides protection from DNS Rebinding attack by blocking answers which contain IPv4 or IPv6 addresses for private use (or some other special-use addresses).

It is disabled by default. You can enable it in configuration file.

options:
  rebinding-protection: true

Please note that it does not offer stable configuration interface yet. For this reason it is suitable mainly for public resolver operators who do not need to whitelist certain subnets.

Warning

DNS Blacklists (RFC 5782) often use 127.0.0.0/8 to blacklist a domain. Using the rebinding module prevents DNSBL from functioning properly.