Hi Tony, Thanks for the revert however, in my scenario I have Windows AD server is being used as a Authoritative DNS for exmaple.local which has forwarding set to BIND acting as a RPZ and wanting to see if we can conceal this vulnerability on BIND.
I think since BIND is not a NS for example domain even if I enable this protection on BIND not sure if that would take effect? Thanks and Regards, Blason R On Mon, Jan 28, 2019 at 4:05 PM Tony Finch <d...@dotat.at> wrote: > Blason R <blaso...@gmail.com> wrote: > > > > Can someone guide me on prevention and possible configuration in BIND > from > > DNS Re-bind attack? > > Have a look for "rebinding" in > https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/Bv9ARM.ch06.html > > There is evidence that very few people are using `deny-answer-aliases` > https://kb.isc.org/docs/aa-01639 though it's unclear to me whether that is > also true for `deny-answer-addresses`. > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ > Thames, Dover: Northwest 6 to gale 8, decreasing 4 or 5, backing southwest > later. Moderate or rough becoming slight or moderate. Showers. Good. >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users