|
|
|
|
|
|
by pavel_odintsov
1146 days ago
|
|
|
I have idea of even more hostile environment in my mind. My plan for next phase is to get rid of 127.0.0.1 on lo interface. I've tried it once and I had to reboot my machine as all things stopped working. As another angle to make it even more interesting but on network scale I've implemented option for Unbound to suppress A records even if they do exist: https://github.com/NLnetLabs/unbound/pull/819 and push dual stack apps to be IPv6 only. |
|
|
I'm using it to run electron-like apps, abusing Bonjour to provide .local domains with reverse (ex: spreadsheet.local could go to 127.1.2.3 if you forge and send the right mDNS packet on port 5353)
Unfortunately, I haven't found a way to do the same in IPv6: fec0::/10 for site-local address precedence 1 was deprecated by RFC3879
See my proof of concept https://github.com/csdvrx/PerlPleBean/blob/main/experiments/... and the IPv6 explanations around line 70
For your usecase, if you don't want to be restricted to ::1/128 you could maybe replace the 127/8 by fc00::/7 but it would require setting the link up while I want everything to be automatic