Prevent reverse dns requests from non-routable zones. (RFC6303 4.2)

Additional DNS zones entered as private-address to align with RFC6303. Signed-off-by: Rob Gill <rrobgill@protonmail.com>
2025-12-26 14:10:50 +00:00 · 2025-03-13 12:53:23 +10:00
parent 2619caccfa
commit 243947fc58
1 changed files with 7 additions and 0 deletions
--- a/docs/guides/dns/unbound.md
+++ b/docs/guides/dns/unbound.md
@@ -145,6 +145,13 @@ server:
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
+
+    # Ensure no reverse queries to non-public IP ranges (RFC6303 4.2)
+    private-address: 192.0.2.0/24
+    private-address: 198.51.100.0/24
+    private-address: 203.0.113.0/24
+    private-address: 255.255.255.255/32
+    private-address: 2001:db8::/32
 ```

 Start your local recursive server and test that it's operational: