Speaking of rebinding attacks... does anyone know why Cloudflare's 1.1.1.1 resolver doesn't enforce this? It's the only "big" public one I know of that happily resolves RFC1918 IPs.
That's a terrible idea. For one, RFC1918 addresses are perfectly fine IP addresses, and as such are perfectly fine to put into DNS, but also, if your security depends on this, you are not secure, because rebinding attacks work just as well with non-RFC1918 addresses if that's what you happen to be using on your local network, so devices and software have to be secured against rebinding attacks with a non-filtering DNS anyway.
Plus, it just breaks things. More than once have I had the problem of trying to serve files to other devices on a LAN I was visiting, only for their idiotic local resolver to helpfully refuse resolving the host name of my laptop because, oh surprise, it resolved to an address on that LAN!
Probably because things would break in subtle and confusing ways if they did.
E.g. you have a build server and chose to use live DNS to point at its artifacts on an internal network because it was simpler to just edit a single zone file.
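
An added example, not part of any comment in the thread: it contrasts what an RFC 1918-filtering resolver does with a server-side Host header allowlist, for the three situations the replies describe (a rebind to a private address, a rebind on a LAN that uses non-RFC 1918 addresses, and a legitimate local name). The Host allowlist is an assumption chosen here as one common service-side defense; the names `attacker.example` and `laptop.lan.example` and the address `203.0.113.10` (a documentation range standing in for a non-RFC 1918 LAN address) are hypothetical.

```python
import ipaddress

# The three RFC 1918 blocks a "rebind-protecting" resolver strips from answers.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolver_drops(answer):
    """True if an RFC 1918-filtering resolver would refuse this A record."""
    ip = ipaddress.ip_address(answer)
    return any(ip in net for net in RFC1918)

def host_allowed(host_header, allowed):
    """Server-side check: serve only requests whose Host names this service."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # IPv6 literal, e.g. [::1]:8080
        end = host.find("]")
        host = host[1:end] if end != -1 else ""
    else:
        host = host.split(":", 1)[0]         # drop an optional :port
    return host.rstrip(".") in allowed

def evaluate(host_header, answer, allowed):
    """Return (resolver_drops_answer, server_accepts_request)."""
    return resolver_drops(answer), host_allowed(host_header, allowed)

# Constructed sample data; all names and addresses are hypothetical.
ALLOWED = {"laptop.lan.example", "203.0.113.10", "192.168.1.20"}
CASES = [
    ("rebind to RFC 1918 device", "attacker.example", "192.168.1.20"),
    ("rebind to non-RFC 1918 LAN device", "attacker.example:8080", "203.0.113.10"),
    ("legitimate LAN name", "laptop.lan.example", "192.168.1.20"),
]

if __name__ == "__main__":
    for label, host, answer in CASES:
        dropped, accepted = evaluate(host, answer, ALLOWED)
        print(f"{label:36} resolver drops: {dropped!s:5}  server accepts: {accepted}")
```

The second case passes the resolver filter untouched and is stopped only by the service's own check, while the third is a legitimate lookup that the filter breaks.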