[dns-operations] Use of Views/ACLs to defeat DNS rebinding/pinning attacks?
simonw at zynet.net
Tue Aug 7 08:08:23 UTC 2007
On Monday 06 August 2007 20:19, Roland Dobbins wrote:
> Has anyone played around sufficiently with BIND ACLs and Views in
> order to determine whether or not they can be used to effect a
> defense against these types of attacks?
Of course it can't; this is a problem that is a result of design decisions for
browsers and browser plugins (mostly plugins). In most (all?) cases the DNS
is functioning as designed.

One might mitigate some of these attacks by subverting the DNS and avoiding
responses with short TTL, but down that path lies madness, since one is
trying to fix a browser problem at a lower level.