[dns-operations] Use of Views/ACLs to defeat DNS rebinding/pinning attacks?

Simon Waters simonw at zynet.net
Tue Aug 7 08:08:23 UTC 2007

On Monday 06 August 2007 20:19, Roland Dobbins wrote:
> Has anyone played around sufficiently with BIND ACLs and Views in
> order to determine whether or not they can be used to effect a
> defense against these types of attacks?
> <http://crypto.stanford.edu/dns/>

Of course it can't; this is a problem that is a result of design decisions for
browsers and browser plugins (mostly plugins). In most (all?) cases the DNS
is functioning as designed.

One might mitigate some of these attacks by subverting the DNS and avoiding
responses with short TTL, but down that path lies madness, since one is
trying to fix a browser problem at a lower level.
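
The short-TTL workaround mentioned above, sketched as an added example that is not part of the original post: a toy caching resolver that refuses to honour TTLs below a floor. The class and function names, the 300-second floor and the scripted answers are all constructed for illustration. It also shows the cost of the approach: a legitimate short-TTL failover record is pinned just the same.

```python
MIN_TTL = 300  # assumed policy floor in seconds (hypothetical value)


class FlooredCache:
    """Toy caching resolver that raises any TTL below a floor before caching."""

    def __init__(self, upstream, min_ttl=MIN_TTL):
        self.upstream = upstream   # callable: name -> (address, ttl)
        self.min_ttl = min_ttl
        self.entries = {}          # name -> (address, expires_at)
        self.clamped = []          # (name, original_ttl), kept for auditing

    def resolve(self, name, now):
        hit = self.entries.get(name)
        if hit and now < hit[1]:
            return hit[0]          # still pinned to the cached answer
        address, ttl = self.upstream(name)
        if ttl < self.min_ttl:
            self.clamped.append((name, ttl))
            ttl = self.min_ttl     # ignore the zone owner's short TTL
        self.entries[name] = (address, now + ttl)
        return address


def scripted_upstream(answers):
    """Constructed authoritative side: hands out scripted answers in order."""
    queues = {name: list(seq) for name, seq in answers.items()}

    def query(name):
        q = queues[name]
        return q.pop(0) if len(q) > 1 else q[0]
    return query


def demo():
    # Constructed records using documentation address ranges (RFC 5737).
    upstream = scripted_upstream({
        # Answer changes between queries, with a 1-second TTL.
        "rebind.example": [("192.0.2.10", 1), ("198.51.100.7", 1)],
        # Legitimate failover that relies on a 30-second TTL.
        "failover.example": [("203.0.113.5", 30), ("203.0.113.6", 30)],
    })
    cache = FlooredCache(upstream)
    first = cache.resolve("rebind.example", now=0)
    second = cache.resolve("rebind.example", now=5)         # 1 s TTL long gone
    fo_first = cache.resolve("failover.example", now=0)
    fo_second = cache.resolve("failover.example", now=60)   # failover delayed
    after_floor = cache.resolve("rebind.example", now=300)  # floor expired
    return first, second, fo_first, fo_second, after_floor, cache.clamped
```
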

