Maintained by: NLnet Labs

[Unbound-users] "outgoing tcp": connect failed due to link-local destinations (and other bogus addresses)

Yuri Schaeffer
Tue Sep 9 23:50:00 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jeroen,

> (Browsers going to connect to local sites (RFC1918/link-local etc)
> is of course a scary thing when it a remote site specifying some
> remotely controlled DNS server specifying those local addresses,
> but that is a browser issue).

Using the "private-address" directive in unbound.conf, Unbound can
protect you against such DNS rebinding attacks.

Could you elaborate on the significance of querying multicast addresses?

Regards.,
Yuri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQPdggACgkQI3PTR4mhavgFhQCfW0sGPvEGgw5OtLo46LYDG535
0RkAniAON2XSwG+R882rEB2zlbrFzF35
=Ei+3
-----END PGP SIGNATURE-----