Is there a way to enforce a minimum TTL? My initial searching indicated that ISC / BIND developers don't include a way to do so on a matter of principle.
I'd like to enforce a minimum TTL of 5 minutes (300 seconds) on my private BIND server at home. I'm wanting to use this as a method to thwart DNS Rebinding attacks.
I've already got RPZ filtering out what IANA defines as Special Purpose IPv4 addresses. But this does nothing to prevent rebinding to a different IP on the globally routed Internet, or squatters that are re-using someone else's IP space (i.e. ISPs abusing DoD IP space for CGN).
-- Grant. . . . unix || die
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
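An added illustration, not part of the original message and not BIND code: a toy Python cache that combines the special-purpose address filter described in the message with a 300-second TTL floor, replayed against a constructed sequence of answers for one name. The class and function names, the address list (a subset of the IANA registry) and the sample addresses are assumptions made for this example.

```python
import ipaddress

# Subset of the IANA IPv4 Special-Purpose Address Registry, constructed for
# this example; it is not the poster's RPZ zone.
SPECIAL_PURPOSE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "240.0.0.0/4",
)]
MIN_TTL = 300  # the 5-minute floor asked about in the message


def is_special_purpose(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in SPECIAL_PURPOSE)


class FloorCache:
    """Toy resolver cache: drops special-purpose answers, clamps TTL upward."""

    def __init__(self, min_ttl=MIN_TTL):
        self.min_ttl = min_ttl
        self.entries = {}  # name -> (address, expiry time in seconds)

    def resolve(self, name, upstream_answer, now):
        """upstream_answer is (address, ttl) as the authoritative side sent it."""
        cached = self.entries.get(name)
        if cached and now < cached[1]:
            return cached[0]          # still pinned; upstream is not consulted
        addr, ttl = upstream_answer
        if is_special_purpose(addr):
            return None               # filtered, as the address policy would
        self.entries[name] = (addr, now + max(ttl, self.min_ttl))
        return addr


def replay(min_ttl):
    """Constructed sequence: one name answers with TTL 1 and changes address."""
    cache = FloorCache(min_ttl)
    # Sample addresses are constructed; 11.0.0.5 stands in for squatted,
    # globally routable space that the special-purpose list does not cover.
    steps = [(0, ("93.184.216.34", 1)), (5, ("192.168.1.1", 1)),
             (10, ("11.0.0.5", 1)), (400, ("11.0.0.5", 1))]
    return [cache.resolve("rebind.example", ans, t) for t, ans in steps]


if __name__ == "__main__":
    print("no floor :", replay(0))
    print("300s floor:", replay(MIN_TTL))
```

With no floor, the filter blocks the private answer at t=5 but the name moves to the second global address at t=10; with the floor, the first address stays pinned until the 300 seconds have elapsed.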