On Tue, Jan 18, 2011 at 9:38 PM, Chris Buechler <[email protected]> wrote: >> It feels like it is eating up any 192.168.0.0/16 IP address returned >> for a hostname. >> > > This is by design to protect against DNS rebinding attacks. If you > have to get private IP responses from your upstream DNS you must > disable that under System>Advanced. >
Thanks. I'll flip that setting when I'm at home. I read the description on the setting and it is not at all obvious that this is the symptom of the checkbox being unset. I guess this also explains the metric ton-load of warnings about dns rebinding attempt for my phone trying to connect to the office's PBX server... It totally made all of my VPN servers invisible. Seems a tough choice: protect against rebinding or make the VPN usable. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
