DNS that resolves to RFC1918 address space is blocked


  • I am not sure why Ubiquiti decided that the AmpliFi should block DNS results that return RFC1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), but it's not a well thought-out idea, especially if there is no explicit way to disable only this.

    I don't want to disable the entire DNS cache; I want to ONLY turn off the "block RFC1918 address DNS responses".

    Does anyone know why they decided this was something they should even do in the first place? This breaks everywhere I have static IPs for internal hosts that resolve to something in RFC1918 address space, or if I'm using some split horizon VPNs that rely on public DNS responses that return RFC1918 addresses within the VPN network.

    Yes, I know I can "disable DNS cache" (which, apparently, can only be done from the web UI??), but I'd really rather just have a switch to allow RFC1918 DNS results.

    Anyone have insight?

    (Yes, I consider this a bug -- this is a non-obvious behavior with no way to cleanly disable only this issue.)

