mirror of
https://github.com/roles-ansible/ansible_role_unbound.git
synced 2024-08-16 13:39:49 +02:00
44 lines
1.5 KiB
Text
44 lines
1.5 KiB
Text
{{ ansible_managed | comment }}
|
|
server:
|
|
# Give IPv4 of IPv6 addresses or classless subnets. These are addresses on your private network,
|
|
# and are not allowed to be returned for public internet names. Any occurrence of such addresses
|
|
# are removed from DNS answers. Additionally, the DNSSEC validator may mark the answers bogus.
|
|
# This protects against so-called DNS Rebinding.
|
|
|
|
# Legacy IP
|
|
{% if unbound__protect_rebind_localhost | bool %}
|
|
# localhost
|
|
private-address: 127.0.0.0/8
|
|
{% endif %}
|
|
{% if unbound__protect_rebind_rfc1918 | bool %}
|
|
# private IPv4 address spaces (rfc 1918)
|
|
private-address: 10.0.0.0/8
|
|
private-address: 172.16.0.0/12
|
|
private-address: 192.168.0.0/16
|
|
{% endif %}
|
|
{% if unbound__protect_rebind_carrier_grade_nat | bool %}
|
|
# carrier-grade NAT (rfc 6598)
|
|
private-address: 100.64.0.0/10
|
|
{% endif %}
|
|
{% if unbound__protect_rebind_v4_link_local | bool %}
|
|
# link-local addresses
|
|
private-address: 169.254.0.0/16
|
|
{% endif %}
|
|
|
|
# IPv6
|
|
{% if unbound__protect_rebind_localhost | bool %}
|
|
# localhost
|
|
private-address: ::/128
|
|
{% endif %}
|
|
{% if unbound__protect_rebind_unique_local | bool %}
|
|
# unique local addresses (rfc 4193)
|
|
private-address: fd00::/8
|
|
{% endif %}
|
|
{% if unbound__protect_rebind_v6_link_local | bool %}
|
|
# link-local addresses (rfc 4862, 4291)
|
|
private-address: fe80::/10
|
|
{% endif %}
|
|
{% if unbound__protect_rebind_rfc4291 | bool %}
|
|
# IPv4-mapped addresses (rfc 4291)
|
|
private-address: ::ffff:0:0/96
|
|
{% endif %}
|