Big refactoring (more secured, more modular)

- Region change to "CA Montreal" - Using external data images for malicious hostnames - Added malicious IP addresses blocking with Unbound - Unbound has DNS rebinding protection
2018-10-28 14:08:14 +01:00
parent e6b5166c7f
commit 4bcaec6a33
5 changed files with 69 additions and 91 deletions
--- a/unbound.conf
+++ b/unbound.conf
@@ -30,6 +30,16 @@ server:
  harden-referral-path: yes
  harden-algo-downgrade: yes
  # set above to no if there is any problem
+  # Prevent DNS rebinding
+  private-address: 127.0.0.1/8
+  private-address: 10.0.0.0/8
+  private-address: 172.16.0.0/12
+  private-address: 192.168.0.0/16
+  private-address: 169.254.0.0/16
+  private-address: ::1/128
+  private-address: fc00::/7
+  private-address: fe80::/10
+  private-address: ::ffff:0:0/96
  
  # network
  do-ip4: yes