[dns-operations] Use of Views/ACLs to defeat DNS rebinding/pinning attacks?

Roland Dobbins rdobbins at cisco.com
Tue Aug 7 09:54:11 UTC 2007

On Aug 7, 2007, at 1:09 AM, Lutz Donnerhacke wrote:

> There is no defense to DNS Rebinding attacks.

This isn't quite true, is it?  After all, there are some firewalls  
which apparently can rewrite answers in order to filter out the  
poison-pill answers which attempt to place a non-native FQDN inside a  
site's internal address space; if these firewalls can do it, my  
question was, can we also do it with a combination of BIND ACLs and  

Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

	Culture eats strategy for breakfast.

            -- Ford Motor Company

More information about the dns-operations mailing list