DNS Rebind Protection
Blocks domains that point to RFC1918 and loopback addresses.
This is a Profile Option that you can enable on any of your Profiles. With this enabled, any Device that enforces this Profile will not resolve any RFC1918 and loopback (localhost) addresses found in public DNS. You can still make your own custom rules that spoof domains to to these IP ranges.
Example
No DNS rebind protection.
test@test-vm:~$ dig +short rfc1918.test.controld.org
192.168.0.1
Now enable DNS rebind protection.
test@test-vm:~$ dig +short rfc1918.test.controld.org
0.0.0.0
Updated almost 2 years ago