On 17/03/2020 21:48, Dominik wrote:
> Patch attached.
and applied. Thanks.
Simon.
>
> On 17.03.20 21:54, Simon Kelley wrote:
>>
>> On 11/03/2020 07:55, Dominik wrote:
>>> Hey Buck,
>>>
>>> dnsmasq blocks all IPv4 address replies in the "private" subnets when
>>> enabling stop-dns-rebind.
Patch attached.
On 17.03.20 21:54, Simon Kelley wrote:
>
> On 11/03/2020 07:55, Dominik wrote:
>> Hey Buck,
>>
>> dnsmasq blocks all IPv4 address replies in the "private" subnets when
>> enabling stop-dns-rebind. For IPv6, it blocks only the IPv4-mapped address
>> ranges matching said private
On 11/03/2020 07:55, Dominik wrote:
> Hey Buck,
>
> dnsmasq blocks all IPv4 address replies in the "private" subnets when
> enabling stop-dns-rebind. For IPv6, it blocks only the IPv4-mapped address
> ranges matching said private subnets.
>
> Neither ULAs nor LLs (link-locals) are blocked in
Hey Buck,
dnsmasq blocks all IPv4 address replies in the "private" subnets when enabling
stop-dns-rebind. For IPv6, it blocks only the IPv4-mapped address ranges
matching said private subnets.
Neither ULAs nor LLs (link-locals) are blocked in the IPv6 range. I agree this
should be added.
I
I am using dnsmasq version pi-hole-2.80 as embedded in Pi-hole, with my
router set as its sole upstream server (server=192.168.178.1#53).
When evaluating DNS rebind protection provided by dnsmasq (by adding
stop-dns-rebind), I observed that dnsmasq correctly detects and
suppresses IPv4
2010/9/10 Mark Cross markcross.gpg...@gmx.com:
[snip]
BEHAVE 64:ff9b::/96 Well Known Prefix
Oh, drafts are also OK?
Then i have this nice comment here in my code:
//TODO: add DS-Lite well known addresses
/*
* When the draft gets to standard:
* 192.0.0.0/29 is reserved for the p2p
Jan 'RedBully' Seiffert wrote:
2010/9/10 Mark Cross markcross.gpg...@gmx.com:
[snip]
BEHAVE 64:ff9b::/96 Well Known Prefix
Oh, drafts are also OK?
No, not really, But should be given some consideration as it has been
reserved in the IANA numbering system already. Seems to me it
2010/9/8 Simon Kelley si...@thekelleys.org.uk:
dnsm...@flyingout.name wrote:
[snip - IPv6 rebind filter failing]
What IPv6 ranges need to be blocked? the IPv4-mapped ones obviously, but
::1 also?
Sure, it's the equivalent to 127.0.0.1
What about the fe80:: link-local addresses.
I would say
On Wed, 08 Sep 2010 22:24 +0100, Simon Kelley
si...@thekelleys.org.uk wrote:
dnsm...@flyingout.name wrote:
Is there a way to block the records as well?
No but there probably should be.
Cool.
What IPv6 ranges need to be blocked? the IPv4-mapped ones obviously, but
::1 also? What
Hey all,
I've searched the list, man, conf, etc. and didn't find anything on
this.
I've been testing the rebinding protection and thought it was working
until I hit it with a little dns testing tool over at grc.com. Some
browsers issue A and queries and it appears dnsmasq is only
blocking
10 matches
Mail list logo