Use a browser that maintains its own address cache tied to the HTTP session. That is the only way to safely deal with rebinding attacks. Rebinding attacks have been known about for years. There is zero excuse for not using a browser with such protection.
> On 26 Oct 2018, at 12:02 pm, Grant Taylor via bind-users
> <bind-users@lists.isc.org> wrote:
>
> Is there a way to enforce a minimum TTL?
>
> My initial searching indicated that ISC / BIND developers don't include a way
> to do so on a matter of principle.
>
> I'd like to enforce a minimum TTL of 5 minutes (300 seconds) on my private
> BIND server at home. I'm wanting to use this as a method to thwart DNS
> Rebinding attacks.
>
> I've already got RPZ filtering out what IANA defines as Special Purpose IPv4
> addresses. But this does nothing to prevent rebinding to a different IP on
> the globally routed Internet, or squatters that are re-using someone else's
> IP space (i.e. ISPs abusing DoD IP space for CGN).
>
> --
> Grant. . . .
> unix || die
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
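
Added example, not part of either message: a constructed simulation that compares the enforced 300-second minimum TTL asked about in the quoted question with an address cache tied to the session, as the reply recommends. The class names, the host name `rebind.example` and the documentation-range addresses are assumptions made for the illustration.

```python
import ipaddress

class RebindingZone:
    """Constructed stand-in for a hostile authoritative server: the first answer
    is one address, every later answer is another, always with TTL 1."""
    def __init__(self, first, later, ttl=1):
        self.answers, self.ttl, self.queries = (first, later), ttl, 0

    def lookup(self, host):
        addr = self.answers[min(self.queries, 1)]
        self.queries += 1
        return [addr], self.ttl

class TtlCache:
    """Resolver-side cache that raises every TTL to a floor (min_ttl seconds)."""
    def __init__(self, lookup, min_ttl=300):
        self.lookup, self.min_ttl, self.cache = lookup, min_ttl, {}

    def resolve(self, host, now):
        entry = self.cache.get(host)
        if entry is None or now >= entry[1]:      # expired: ask upstream again
            addrs, ttl = self.lookup(host)
            entry = (addrs, now + max(ttl, self.min_ttl))
            self.cache[host] = entry
        return entry[0]

class SessionPin:
    """Client-side cache tied to the session: the first answer is kept until
    the session ends, whatever TTL it carried."""
    def __init__(self, lookup):
        self.lookup, self.pins = lookup, {}

    def resolve(self, host, now):
        key = host.rstrip(".").lower()
        if key not in self.pins:
            addrs, _ttl = self.lookup(key)        # TTL deliberately ignored
            self.pins[key] = [str(ipaddress.ip_address(a)) for a in addrs]
        return self.pins[key]

    def end_session(self):
        self.pins.clear()

def addresses_seen(resolver, times, host="rebind.example"):
    """Address the client would connect to at each point in time (seconds)."""
    return [resolver.resolve(host, t)[0] for t in times]

if __name__ == "__main__":
    times = [0, 10, 299, 301, 900]                # page stays open 15 minutes
    for cls in (TtlCache, SessionPin):
        zone = RebindingZone("203.0.113.10", "198.51.100.20")
        print(cls.__name__, addresses_seen(cls(zone.lookup), times))
```

The minimum TTL only delays the switch to the second address until the floor expires, while the pinned cache never sees it during the session.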