DNS Re-binding Attack Prevention with BIND
Tony Finch
dot at dotat.at
Mon Jan 28 10:35:36 UTC 2019
Blason R <blason16 at gmail.com> wrote:
>
> Can someone guide me on prevention and possible configuration in BIND from
> DNS Re-bind attack?
Have a look for "rebinding" in
https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/Bv9ARM.ch06.html
There is evidence that very few people are using `deny-answer-aliases`
https://kb.isc.org/docs/aa-01639 though it's unclear to me whether that is
also true for `deny-answer-addresses`.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Thames, Dover: Northwest 6 to gale 8, decreasing 4 or 5, backing southwest
later. Moderate or rough becoming slight or moderate. Showers. Good.
More information about the bind-users
mailing list