Configure Unbound Local IP Ranges

I have just installed Unbound on my Raspberry Pi together with Pi-Hole using this guide. It seems to be working fine, however, I have a question about the last section of the pi-hole.conf file.

Is this section supposed to be changed based on my local IP range? Say if my router is set up to use the range 10.20.30.xx should I remove all lines in this section and add private-address: 10.20.0.0/16?

    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

Keep them.

You might not notice them, but especially link-local addresses may appear in your network (temporarily or lingering about) without you explicitly defining them, as they are meant to be auto-configured by a network device.

The lines you listed cover (almost) all IP address ranges that are explicitly reserved for private and link-local addresses and should never be used publicly. Some of them are not even routable.

The only range missing would be fc00::/8 (from the same fc00::/7 address block as the fd00::/8 for ULAs, already listed), which remains reserved while its purpose is currently undefined (i.e. should not be used in IP address assignments).

That covers 10.0.0.1 - 10.255.255.254. The block of private-address subnets covers every possible RFC1918 private address space allocation.

1 Like

Thank you both for the clarifications :ok_hand: