While I expected those queries to return a blocking page, Gateway instead resolved them to internal IPv4 addresses. What is this category supposed to block?
Ok, I have submitted the domain categorization feedback for gwallcheck.api-alliance.com.
However, the nip.io domains are dynamic, so there are millions of combinations, and I can’t submit categorization feedback for them all. I expected Gateway to check whether the response IP is in the subnet 10.0.0.0/8 instead of having a hard-coded list of domains in this category.
What is any category supposed to block? Categorization on a domain level is inexact at best. Take Reddit for example.
If your goal is to block DNS queries which resolve to private IP addresses, the most reliable path for achieving that is likely to be by creating a list of IP address ranges you wish to block and then using the selector Resolved IP with the in list operator and selecting the IP address list you’ve created.
When I read the documentation saying that this category matches ‘domains that resolve to private IP Addresses’, I expected that it would prevent DNS rebinding attacks to private IP addresses.
Indeed, @cscharff’s solution with the Resolved IP selector works because you can enter subnets like ‘10.0.0.0/8’ there.
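The resolved-IP check suggested above (block on the answer address, not the queried name) is illustrated here as an added example; it is not Cloudflare's code and does not call Gateway. The block list and the sample responses are constructed, and the evaluation runs per DNS response so that a rebinding switch to a private address in a later answer is caught even when the first answer for the same name was public.

```python
import ipaddress

# Constructed block list: the ranges one would put in an IP list for use with
# the "Resolved IP in list" selector. Chosen here as an assumption, not
# Cloudflare's own "Private IP Address" category.
BLOCKED_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 equivalents
)]


def _normalize(addr):
    """Parse an answer; unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so that
    a mapped private IPv4 is still matched against the IPv4 ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def blocked_answers(answers):
    """Return the answer IPs (as given) that fall inside any blocked range.
    The queried domain is deliberately not consulted: nip.io-style names
    encode the target in the label, so only the resolved address matters."""
    hits = []
    for a in answers:
        ip = _normalize(a)
        if any(ip in net for net in BLOCKED_RANGES):
            hits.append(a)
    return hits


def evaluate_sequence(domain, responses):
    """Decide block/allow for each successive DNS response of one domain.
    Each response is checked on its own, so a rebinding sequence
    (public answer first, private answer later) yields allow then block."""
    decisions = []
    for answers in responses:
        decisions.append("block" if blocked_answers(answers) else "allow")
    return decisions


if __name__ == "__main__":
    # Constructed rebinding scenario: first answer public, second private.
    print(evaluate_sequence("rebind.example", [["93.184.216.34"], ["10.0.0.5"]]))
    # Constructed nip.io-style name whose answer is a private address.
    print(blocked_answers(["10.1.2.3"]))
```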