annotate common/unbound.conf-ibbpi @ 476:b0531370e183
Avoid fully controllable rewrite prefix
Apache doesn't guarantee that rewrites are URLs or paths
within the prefix and will process them rather than error,
so close a fully controllable rewrite prefix:
https://blog.orange.tw/2024/08/confusion-attacks-en.html?m=1
| author |
IBBoard <dev@ibboard.co.uk> |
| date |
Sun, 11 Aug 2024 13:29:59 +0100 |
| parents |
f4ed14153cda |
| children |
2c3e745be8d2 |
| rev |
line source |
|
450
|
1 # Based on https://www.nlnetlabs.nl/documentation/unbound/howto-setup/
|
|
|
2 # Note: If the upstream DNS stops synthesising IPv6 records for IPv4-only
|
|
|
3 # domains due to honouring DNSSEC then we need to go back to doing DNS64 here
|
|
|
4 server:
|
|
|
5 interface: 127.0.0.1
|
|
|
6 interface: ::1
|
|
|
7 access-control: 127.0.0.0/24 allow
|
|
|
8 access-control: ::1 allow
|
|
|
9 verbosity: 1
|
|
|
10
|
|
|
11 forward-zone:
|
|
|
12 name: "."
|
|
|
13 forward-addr: 2a00:1098:0:80:1000:3b:0:1
|
|
|
14 forward-addr: 2a00:1098:0:82:1000:3b:0:1 |
