Skip to content
This repository has been archived by the owner on Sep 4, 2021. It is now read-only.

Vagrantfile: Avoid DNS rebind protection by using TEST-NET-1 #438

Merged
merged 1 commit into from Nov 13, 2014

Conversation

titanous
Copy link
Contributor

The TEST-NET subnets are specified in RFC 5737 for use in documentation, and should be fine for our host-only networking uses.

dnsmasq (used in many home/prosumer/smb routers) rebind protection uses this list which notably excludes all three TEST-NETs:

  • 127.0.0.0/8 (loopback)
  • 192.168.0.0/16 (private)
  • 10.0.0.0/8 (private)
  • 172.16.0.0/12 (private)
  • 169.254.0.0/16 (zeroconf)

I will update the DNS entries as soon as this is merged.

The TEST-NET subnets are specified in RFC 5737 for use in
documentation, and should be fine for our host-only networking uses.

dnsmasq (used in many home/prosumer/smb routers) rebind protection
uses this list which notably excludes all three TEST-NETs:

- 127.0.0.0/8    (loopback)
- 192.168.0.0/16 (private)
- 10.0.0.0/8     (private)
- 172.16.0.0/12  (private)
- 169.254.0.0/16 (zeroconf)

Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
@lmars
Copy link
Contributor

lmars commented Nov 13, 2014

LGTM. I always disliked the seemingly arbitrary subnet selections

titanous added a commit that referenced this pull request Nov 13, 2014
Vagrantfile: Avoid DNS rebind protection by using TEST-NET-1
@titanous titanous merged commit e7b6894 into master Nov 13, 2014
@titanous titanous deleted the vagrant-testnet branch November 13, 2014 00:35
@titanous
Copy link
Contributor Author

DNS updated.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants