sebastian via Unbound-users:
I currently have an unbound server.However, with some mail providers
using the "exists:" mechanism and returning 127.0.0.1, this
obviously triggers a DNS rebinding protection and SERVFAIL.This
ultimate leads to an SPF rejection.Is there any way to configure
unbound, such as so if the rebinding protection trips, it will
instead return a non-routeable bogus IP like "192.0.2.123"
(documentation only) which both ensures the "exists:" mechanism
works as intended, but also protects the localhost if a malicious
actor were to do a rebinding attack..Im thinking of excluding
127.0.0.0/8 from private adress, and then use some sort of rewriting
mechanism if this exists in unbound?
Hi,
could you describe more verbose, who ask what and why. -> full queries
RBLs use an answer 127.0.0.1 all the time. I dont's see, why this
should be a rebind attack.
Do you have a special unbound setting enabled?
Andreas
