git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
doc: improve DNSBL warning for rebinding module
author Tomas Krizek <tomas.krizek@nic.cz>
Thu, 13 Jun 2019 12:16:17 +0000 (14:16 +0200)
committer Tomas Krizek <tomas.krizek@nic.cz>
Wed, 19 Jun 2019 15:30:21 +0000 (17:30 +0200)
modules/rebinding/README.rst

index 26432e610d72424efacb15f6fff411de106b55ce..a08b87ed1e24cb4be6c3ef6039dad028f4c85360 100644 (file)
@@ -17,9 +17,11 @@ Please note that this module does not offer stable configuration interface
 yet. For this reason it is suitable mainly for public resolver operators
 who do not need to whitelist certain subnets.
 
-.. warning:: Some like to "misuse" such addresses, e.g. `127.*.*.*`
-  in blacklists served over DNS, and this module will block such uses.
+.. warning:: DNS Blacklists (`RFC 5782`_) often use `127.0.0.0/8` to blacklist
+   a domain. Using the rebinding module prevents DNSBL from functioning
+   properly.
 
 .. _`DNS Rebinding attack`: https://en.wikipedia.org/wiki/DNS_rebinding
 .. _IPv4: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
 .. _IPv6: https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
+.. _`RFC 5782`: https://tools.ietf.org/html/rfc5782#section-2.1
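
Review bot: in the added warning, `127.0.0.0/8` is wrapped in single backticks, which reStructuredText treats as interpreted text (the default role) rather than an inline literal; write it as ``127.0.0.0/8`` so it renders as code. The warning also says DNSBL stops "functioning properly" without saying what the operator sees or should do. The removed text at least stated that the module "will block such uses". Consider saying that blacklist answers in 127.0.0.0/8 are blocked by the module and, since the context lines above note there is no way to whitelist subnets yet, that a resolver whose clients rely on DNSBL lookups should not load it. Finally, the text says the range is used "to blacklist a domain" while the new link targets section 2.1 of the RFC; check that the wording and the linked section describe the same kind of list.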