[Unbound-users] "outgoing tcp": connect failed due to link-local destinations (and other bogus addresses)
Simon Deziel
simon+unbound at sdeziel.info
Tue Sep 9 21:05:10 UTC 2014
On 09/09/2014 04:45 PM, Jeroen Massar wrote:
> Seems somebody put fe80:: as an AAAA for a NS record in public DNS.
>
> Would be fun to see what happens when somebody enters:
>
> $ORIGIN example.com.
> NS ns1.example.com
> ns1 AAAA ff02::1
>
> Or something similar, hence, please have a default option for filtering
> out that kind of responses (for at least the outgoing connects by unbound).
>
> And if there is such an option, should that not be a default?

You can add the following under "server:"

    # Do not connect to IPv6 link-local addresses
    do-not-query-address: fe80::/10

Regards,
Simon
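
An added example, not part of the original thread and not Unbound's own code: a small Python check that reads the do-not-query-address entries from a "server:" clause and reports which candidate nameserver addresses are link-local or multicast yet match no listed block. The helper names and the sample config and address list are constructed for illustration; fe80::/10 and ff02::1 are the values from the messages above.

```python
import ipaddress

# Constructed sample of the "server:" clause, using the option from the reply.
SAMPLE_CONF = """\
server:
    # Do not connect to IPv6 link-local addresses
    do-not-query-address: fe80::/10
"""

# Constructed candidate nameserver addresses (2001:db8::/32 is documentation space).
SAMPLE_ADDRESSES = ["fe80::1", "ff02::1", "2001:db8::53"]


def parse_do_not_query(conf_text):
    """Return the networks named in do-not-query-address lines (hypothetical helper)."""
    nets = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line.startswith("do-not-query-address:"):
            continue
        value = line.split(":", 1)[1].strip().strip('"')
        # strict=False accepts a host address as well as a netblock
        nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def uncovered_special(addresses, nets):
    """Return link-local or multicast addresses that no listed network covers."""
    missed = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        blocked = any(addr.version == n.version and addr in n for n in nets)
        if (addr.is_link_local or addr.is_multicast) and not blocked:
            missed.append(text)
    return missed


if __name__ == "__main__":
    nets = parse_do_not_query(SAMPLE_CONF)
    for a in uncovered_special(SAMPLE_ADDRESSES, nets):
        print("not covered by do-not-query-address:", a)
```

With only fe80::/10 listed, the multicast address from the quoted zone snippet is reported as not covered.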