
List:       unbound-users
Subject:    Re: Binding to non-local IP addresses
From:       Tomas Simonaitis via Unbound-users <unbound-users () lists ! nlnetlabs ! nl>
Date:       2024-03-21 19:25:43
Message-ID: 47138F1B-1A78-4399-B6CC-19F82DFA1078 () gmail ! com

Hi,

You should not add these IPs to your interface or set them in unbound config.
Instead search for iptables redirect rule - using it you will be able to redirect
traffic to selected foreign IPs to your router IP.


> On 21 Mar 2024, at 20:32, Bruno Blanes via Unbound-users
> <unbound-users@lists.nlnetlabs.nl> wrote:
>
> Hi folks,
> I've seen a lot of home routers, mainly ZTE and D-Link, being attacked and having
> their LAN DNS changed to random servers with malicious intent. I am redirecting
> requests to those servers into my Unbound machine and I can see the requests flow
> through tcpdump, however I can't get Unbound to reply. I've set ip-freebind, but I
> can only get Unbound to reply if I also set the address in an interface, but this
> isn't practical given that I'd have to know all malicious DNS on the web and
> maintain a list of them on my interfaces. Has anyone done anything similar and got
> it working?
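
An added example of the iptables redirect approach suggested in the reply above (not code from either poster or from the Unbound project): the REDIRECT target rewrites the destination to the receiving interface's own address, and connection tracking restores the original address on replies, so Unbound only has to listen on its normal address. The interface name eth1, the list format and the function names are assumptions; the script only prints iptables-restore input and applies nothing.

```sh
#!/bin/sh
# Emit iptables-restore input that redirects DNS addressed to listed foreign
# resolvers to the local resolver. Nothing is applied here; review the output,
# then load it with: gen_rules eth1 < list.txt | iptables-restore --noflush

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules LAN_IF: read one IPv4 address per line on stdin ("#" starts a
# comment) and print one UDP and one TCP port-53 REDIRECT rule per address.
gen_rules() {
    lan_if=$1
    echo "*nat"
    while read -r ip rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid entry: $ip" >&2
            continue
        fi
        for proto in udp tcp; do
            echo "-A PREROUTING -i $lan_if -d $ip/32 -p $proto --dport 53 -j REDIRECT --to-ports 53"
        done
    done
    echo "COMMIT"
}

# Constructed sample list: documentation-range addresses, not real resolvers.
sample_list() {
    cat <<'EOF'
192.0.2.53
198.51.100.7   # trailing comment is ignored
not-an-ip
EOF
}

sample_list | gen_rules eth1   # eth1 is an assumed LAN-facing interface name
```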

