[dns-operations] Use of Views/ACLs to defeat DNS rebinding/pinning attacks?

Roland Dobbins rdobbins at cisco.com
Tue Aug 7 09:51:11 UTC 2007

On Aug 7, 2007, at 1:08 AM, Simon Waters wrote:

> Of course it can't, this is a problem that is a result of design  
> decisions for
> browsers and browser plugins (mostly plugins), in most (all?) cases  
> the DNS
> is functioning as designed.

I understand that it's not a DNS problem; I was wondering whether or  
not one could simply manually filter/rewrite answers for FQDNS which  
are outside one's SOA scope, yet are answered by the attacker as  
being within one's own IP address ranges, as something of a defensive  

Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

	Culture eats strategy for breakfast.

            -- Ford Motor Company

More information about the dns-operations mailing list