Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide an option for blocking internal IP addresses #102

Open
ameshkov opened this issue Dec 25, 2016 · 2 comments · May be fixed by #2397
Open

Provide an option for blocking internal IP addresses #102

ameshkov opened this issue Dec 25, 2016 · 2 comments · May be fixed by #2397
Labels
feature request P4: Low

Comments

@ameshkov
Copy link
Member

https://forum.adguard.com/index.php?threads/adguard-dns-discuss.18080/

Cannot block internal IP addresses - DNS responses containing IP addresses listed in RFC1918 should be filtered out to mitigate DNS Rebinding attacks. For example, if badstuff.attacker.com points to 192.168.1.1 then that response should be filtered out. (OpenDNS allows this option and adguard should too)
ameshkov added a commit that referenced this issue Nov 20, 2018
@ameshkov
Merge pull request #102 in DNS/adguard-dns from fix/improve_ratelimit…
4e27ad0 
… to master

* commit '166bc72ff34f839d205166b3d560e97e8d6cf208':
  Fix tests
  Fix binary search in the whitelist
  Added ratelimit whitelist and tests
@ghost ghost mentioned this issue Feb 28, 2020
Closed
@dartraiden
Copy link

dartraiden commented May 4, 2020
edited

Also please make it customizable (for example, this VPN server resolves some domains as 10.0.0.0/8, so this address range should be excluded from rebind protection)

@ameshkov
Copy link
Member Author

@dartraiden please note that you already can block IP addresses using custom rules:

  • |10.* will block 10.0.0.0/8
  • |192.168.* will block 192.168.0.0/16

etc

@juniorz juniorz linked a pull request Dec 5, 2020 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request P4: Low
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add DNS rebinding protection juniorz/AdGuardHome
2 participants
@dartraiden @ameshkov