On Wed, Jan 19, 2011 at 8:25 AM, Vick Khera <[email protected]> wrote:
> On Tue, Jan 18, 2011 at 9:38 PM, Chris Buechler <[email protected]> wrote:
>>> It feels like it is eating up any 192.168.0.0/16 IP address returned
>>> for a hostname.
>>>
>>
>> This is by design to protect against DNS rebinding attacks. If you
>> have to get private IP responses from your upstream DNS you must
>> disable that under System>Advanced.
>>
>
> Thanks.  I'll flip that setting when I'm at home.
>
> I read the description on the setting and it is not at all obvious
> that this is the symptom of the checkbox being unset.

That's why I also changed the description pretty considerably last night.


> It totally made all of my VPN servers invisible.  Seems a tough
> choice: protect against rebinding or make the VPN usable.
>

You get both if you just use domain overrides for domains where you
expect private IP responses. Domains in domain overrides are excluded
since most commonly those return private IPs, generally leaving
Internet DNS only as where private IP responses are blocked.

Commercial support available - https://portal.pfsense.org
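The behaviour discussed in this thread, as an added example that is not part of the original messages and not the firewall's own code: a simplified model of a forwarder that drops private-address answers from upstream DNS unless the queried name falls under a domain override. The function names, the RFC 1918 range list and the sample hostnames are assumptions made for illustration.

```python
import ipaddress

# Assumption: "private" means the RFC 1918 ranges; the thread itself
# names only 192.168.0.0/16.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_private(addr):
    """True if addr is an IPv4 address inside one of PRIVATE_NETS."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in PRIVATE_NETS)


def in_override(qname, override_domains):
    """True if qname equals an override domain or is a subdomain of one.

    Matching is done on label boundaries, so "evilcorp.example" does not
    inherit the exemption configured for "corp.example".
    """
    name = qname.rstrip(".").lower()
    for dom in override_domains:
        dom = dom.strip(".").lower()
        if name == dom or name.endswith("." + dom):
            return True
    return False


def filter_answers(qname, answers, override_domains=(), protection=True):
    """Return (kept, dropped) address lists for one upstream reply."""
    if not protection or in_override(qname, override_domains):
        return list(answers), []
    kept = [a for a in answers if not is_private(a)]
    dropped = [a for a in answers if is_private(a)]
    return kept, dropped


# Constructed sample data: hostnames and addresses are illustrative only.
OVERRIDES = ["corp.example"]
SAMPLES = [
    ("vpn1.corp.example", ["192.168.10.5"]),      # override: kept
    ("vpn1.evilcorp.example", ["192.168.10.5"]),  # no override: dropped
    ("www.example.org", ["203.0.113.7", "10.0.0.1"]),
]

if __name__ == "__main__":
    for qname, answers in SAMPLES:
        kept, dropped = filter_answers(qname, answers, OVERRIDES)
        print(f"{qname}: kept={kept} dropped={dropped}")
```

With protection left on, only the name under the override keeps its private answer, which is the "you get both" outcome the reply describes.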