On 09/09/2014 04:45 PM, Jeroen Massar wrote:
> Seems somebody put fe80:: as a AAAA for a NS record in public DNS.
>
> Would be fun to see what happens when somebody enters:
>
> $ORIGIN example.com.
> NS ns1.example.com
> ns1 AAAA ff02::1
>
> Or something similar, hence, please have a default option for filtering
> out that kind of responses (for at least the outgoing connects by unbound.
>
> And if there is such an option, should that not be a default?
You can add the following under "server:"
# Do not connect to IPv6 link-local addresses
do-not-query-address: fe80::/10
Regards,
Simon
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
