From: Tomas Krizek Date: Thu, 13 Jun 2019 12:16:17 +0000 (+0200) Subject: doc: improve DNSBL warning for rebinding module X-Git-Tag: v4.1.0~19^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8acaf308593f903d75c4e46aec425574b3d68c0c;p=thirdparty%2Fknot-resolver.git doc: improve DNSBL warning for rebinding module --- diff --git a/modules/rebinding/README.rst b/modules/rebinding/README.rst index 26432e610..a08b87ed1 100644 --- a/modules/rebinding/README.rst +++ b/modules/rebinding/README.rst @@ -17,9 +17,11 @@ Please note that this module does not offer stable configuration interface yet. For this reason it is suitable mainly for public resolver operators who do not need to whitelist certain subnets. -.. warning:: Some like to "misuse" such addresses, e.g. `127.*.*.*` - in blacklists served over DNS, and this module will block such uses. +.. warning:: DNS Blacklists (`RFC 5782`_) often use `127.0.0.0/8` to blacklist + a domain. Using the rebinding module prevents DNSBL from functioning + properly. .. _`DNS Rebinding attack`: https://en.wikipedia.org/wiki/DNS_rebinding .. _IPv4: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml .. _IPv6: https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml +.. _`RFC 5782`: https://tools.ietf.org/html/rfc5782#section-2.1
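
Review bot: In the new warning text, `127.0.0.0/8` is wrapped in single backticks, which reStructuredText treats as interpreted text (the default role) rather than an inline literal; use double backticks so the prefix renders as literal text. The removed line had the same problem with `127.*.*.*`, so this is a good moment to fix it. The phrase "prevents DNSBL from functioning properly" also leaves the operator guessing: consider saying that answers carrying addresses in 127.0.0.0/8 are blocked by the module, and, since the unchanged paragraph above says there is no stable configuration interface for whitelisting yet, that resolvers used for DNSBL lookups (mail servers, for example) should not load this module. Finally, the warning says "blacklist a domain" while the new link target points at section 2.1 of RFC 5782; check that the wording matches what that section covers, or link to the RFC as a whole.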