Re: DNS Re-binding Attack Prevention with BIND

2019-01-28 Thread Grant Taylor via bind-users
On 01/28/2019 02:22 AM, Blason R wrote:
> Can someone guide me on prevention and possible configuration in BIND from DNS Re-bind attack?

Please clarify what you mean by "rebinding" and what you're trying to protect against. From one of your other messages, you indicate that you are already usin

Re: DNS Re-binding Attack Prevention with BIND

2019-01-28 Thread Grant Taylor via bind-users
On 01/28/2019 04:13 AM, Blason R wrote:
> Thanks for the revert however, in my scenario I have Windows AD server is being used as an Authoritative DNS for exmaple.local which has forwarding set to BIND acting as a RPZ and wanting to see if we can conceal this vulnerability on BIND.

Am I understa

Re: DNS Re-binding Attack Prevention with BIND

2019-01-28 Thread Tony Finch
Blason R wrote:
>
> not sure if that would take effect?

Based on your description, neither am I, I'm afraid.

Tony.
--
f.anthony.n.finch http://dotat.at/
Trafalgar: North or northwest 5 or 6. Moderate or rough. Showers. Good.

Re: DNS Re-binding Attack Prevention with BIND

2019-01-28 Thread Blason R
Hi Tony,

Thanks for the revert however, in my scenario I have Windows AD server is being used as an Authoritative DNS for exmaple.local which has forwarding set to BIND acting as a RPZ and wanting to see if we can conceal this vulnerability on BIND. I think since BIND is not a NS for example domai

Re: DNS Re-binding Attack Prevention with BIND

2019-01-28 Thread Tony Finch
Blason R wrote:
>
> Can someone guide me on prevention and possible configuration in BIND from
> DNS Re-bind attack?

Have a look for "rebinding" in
https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/Bv9ARM.ch06.html

There is evidence that very few people are using `deny-answer-aliases`
https://kb.isc.

DNS Re-binding Attack Prevention with BIND

2019-01-28 Thread Blason R
Hi Team,

Can someone guide me on prevention and possible configuration in BIND from DNS Re-bind attack?

Thanks and Regards,
Blason R
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing li