DNS Re-binding Attack Prevention with BIND

Blason R blason16 at gmail.com
Mon Jan 28 11:13:02 UTC 2019


Hi Tony,

Thanks for the revert; however, in my scenario a Windows AD server is
being used as an authoritative DNS for example.local, which has forwarding
set to BIND acting as an RPZ, and I want to see if we can conceal this
vulnerability on BIND.

I think since BIND is not an NS for the example domain, even if I enable this
protection on BIND, I am not sure if that would take effect?

Thanks and Regards,
Blason R

On Mon, Jan 28, 2019 at 4:05 PM Tony Finch <dot at dotat.at> wrote:

> Blason R <blason16 at gmail.com> wrote:
> >
> > Can someone guide me on prevention and possible configuration in BIND from
> > DNS Re-bind attack?
>
> Have a look for "rebinding" in
> https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/Bv9ARM.ch06.html
>
> There is evidence that very few people are using `deny-answer-aliases`
> https://kb.isc.org/docs/aa-01639 though it's unclear to me whether that is
> also true for `deny-answer-addresses`.
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Thames, Dover: Northwest 6 to gale 8, decreasing 4 or 5, backing southwest
> later. Moderate or rough becoming slight or moderate. Showers. Good.
>