Public IP DNS rebinding: Another reason not to use default
Steve Gibson on Security Now Episode #673 (show notes PDF) had great coverage of the DNS rebinding attack, after already having covered it in episode #260. A setting for this is available in the pfSense UI (2.3+) under System -> Advanced:

DNS rebinding attacks have been known for quite a long time. For example, the Stanford Web Security Research Team posted a whitepaper about DNS rebinding attacks in 2007. But even though it is a well-known type of attack, you can still find software systems that are vulnerable to DNS rebinding attacks.

    // first time the browser sees this domain it queries the dns server
    // and gets 220.127.116.11
    // sleep for more than 2 sec
    xhr.open('GET', 'czg9g2olz.81-4-124-10.127-0-0-1.rebind.43z.one', false)
    xhr.send()
    // still uses 18.104.22.168 (AND NOT 127.0.0.1)
    // NO dns query happened browser used cached IP.

This is a problem for this kind of

Now DNS requests for domain names contained in the list of exceptions will receive a response even if the DNS response points to an IP address in the FRITZ!Box home network. Important: If you configure exceptions for DNS rebind protection in the FRITZ!Box, you should use a firewall on every computer in the home network.

To test this, I've removed the stop-dns-rebind from /tmp/dnsmasq.conf and tried killall dnsmasq and then launched it again. It works fine now, so this is definitely the issue. I'd like to switch to a build with the option to disable this, but I can no longer flash the router.

DNS rebind protection. Posted July 26, 2018 by David Redekop to DNS Security. The green circle is what you’re looking for on your local DNS server on your LAN. Then, and only then, according to GRC DNS benchmark freeware, do you pass the test of private IPs being stripped from public DNS queries.

No DNS resolution of private IP addresses | FRITZ!Box 7390

In the "Domain name exceptions" field in the "DNS Rebind Protection" section, enter the name of the domain for which DNS rebind protection should not apply. If the field is not displayed, enable the Advanced View first. If you want to define exceptions for several domain names, enter the domain names separated by a line break. Example: my

Sep 05, 2018 · Domain Name System (DNS), defined in several Request for Comments (RFC) documents, performs a single task: translating user-friendly hostnames to IPv4 or IPv6 addresses. The DNS server in Windows

Jul 24, 2016 · Homenetwork -> Overview -> NetworkSettings . . . at the bottom of the page is the DNS Rebind section. Here you may then enter the domains. Or in German: Heimnetzwerk -> Netzwerkübersicht -> Netzwerkeinstellungen. Works very well. Just add “plex.direct” w/o “” to the list!

Under the hood, this tool makes use of a public whonow DNS server running on rebind.network:53 to execute the DNS rebinding attack and fool the victim's web browser into violating the Same-origin policy.