DNS Rebind Protection
Blocks domains that point to RFC1918 and loopback addresses.
This is a Profile Option that you can enable on any of your Profiles. With this enabled, any Device that enforces this Profile will not resolve any RFC1918 and loopback (localhost) addresses found in public DNS. You can still make your own custom rules that spoof domains to to these IP ranges.
No DNS rebind protection.
[email protected]:~$ dig +short rfc1918.test.controld.org 192.168.0.1
Now enable DNS rebind protection.
[email protected]:~$ dig +short rfc1918.test.controld.org 0.0.0.0
Updated about 1 month ago