Enforcing minimum TTL...
Matus UHLAR - fantomas
uhlar at fantomas.sk
Fri Oct 26 07:23:40 UTC 2018
>On 10/25/2018 09:27 PM, Mark Andrews wrote:
>>Use a browser that maintains its own address cache tied to the HTTP
>>session. That is the only way to safely deal with rebinding
>>attacks. Rebinding attacks have been known about for years. There
>>is zero excuse for not using a browser with such protection.
On 25.10.18 21:50, Grant Taylor via bind-users wrote:
>That is sound advice.
>
>Unfortunately it does not answer my question of is there a way to
>enforce a minimum TTL (with BIND).
there is not.
>Nor does it protect less intelligent browsers or (IoT) devices.
using short TTLs is very risky, and forcing minimum TTL is apparently not
way to work around.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
More information about the bind-users
mailing list