DNS Rebind Protection

Blocks domains that point to RFC1918 and loopback addresses.

This is a Profile Option that you can enable on any of your Profiles. When it is enabled, any Device that enforces the Profile will not resolve public DNS records that point to RFC1918 or loopback (localhost) addresses. You can still create your own custom rules that spoof domains to these IP ranges.

Example

No DNS rebind protection.

test@test-vm:~$ dig +short rfc1918.test.controld.org
192.168.0.1

Now enable DNS rebind protection.

test@test-vm:~$ dig +short rfc1918.test.controld.org
0.0.0.0
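
To confirm the option is in effect across many names, the answers from `dig +short` can be classified against the ranges above. This is an added example, not Control D's own code: the function names and the third sample are constructed, and the handling of `::1` and IPv4-mapped IPv6 answers is an assumption that goes beyond the IPv4 case this page shows.

```python
import ipaddress

# Ranges named on this page: RFC1918 private space and loopback.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# ::1 is included as an assumption; the page only shows an IPv4 case.
LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


def classify(answer):
    """Classify one line of `dig +short` output."""
    try:
        ip = ipaddress.ip_address(answer.strip())
    except ValueError:
        return "non-address"  # CNAME target, empty line, or other non-IP text
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address it carries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_unspecified:
        return "blocked"  # 0.0.0.0, as in the second dig result on this page
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if any(ip in net for net in LOOPBACK):
        return "loopback"
    return "public"


def exposed_answers(dig_short_output):
    """Return (answer, class) for each answer that points at an internal host."""
    hits = []
    for line in dig_short_output.splitlines():
        kind = classify(line)
        if kind in ("rfc1918", "loopback"):
            hits.append((line.strip(), kind))
    return hits


# The first two samples are the dig results shown on this page;
# the third is constructed for illustration.
WITHOUT_PROTECTION = "192.168.0.1\n"
WITH_PROTECTION = "0.0.0.0\n"
CONSTRUCTED_MIXED = "alias.example.\n::ffff:10.1.2.3\n203.0.113.7\n127.0.0.53\n"

if __name__ == "__main__":
    for name, out in (("without", WITHOUT_PROTECTION),
                      ("with", WITH_PROTECTION),
                      ("mixed", CONSTRUCTED_MIXED)):
        print(name, exposed_answers(out))
```

An empty list for a name known to publish a private address, such as the test record above, indicates the resolver is filtering it.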