Comments on: Finally, a real solution to DNS rebinding attacks http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/ Making the Internet safer and faster Fri, 29 Aug 2008 08:15:51 +0000 http://wordpress.org/?v=2.2.2 By: David Ulevitch http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/#comment-187261 David Ulevitch Mon, 28 Apr 2008 14:36:20 +0000 http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/#comment-187261 Macmend, If you add the domain of your WAN VPN or other trusted domain to your "typo exceptions" and your "whitelist domains" list then we will allow those answers to pass through as trusted and unchecked. Terje, Because of potential support issues like the one raised by macmend above we have decided to have the feature turned off by default for the time being. Over time as we gain confidence that it doesn't break things, we might make it the default for new users. :-) Macmend,

If you add the domain of your WAN VPN or other trusted domain to your “typo exceptions” and your “whitelist domains” list then we will allow those answers to pass through as trusted and unchecked.

Terje,

Because of potential support issues like the one raised by macmend above we have decided to have the feature turned off by default for the time being. Over time as we gain confidence that it doesn’t break things, we might make it the default for new users. :-)

]]> By: macmend http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/#comment-187224 macmend Mon, 28 Apr 2008 12:47:59 +0000 http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/#comment-187224 yes but how does this effect WAN VPNs, internal mail services, etc that rely on internal repsonses? yes but how does this effect WAN VPNs, internal mail services, etc that rely on internal repsonses?

]]> By: Terje Petersen http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/#comment-187223 Terje Petersen Mon, 28 Apr 2008 12:45:33 +0000 http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/#comment-187223 Whilst it makes sence to have this as an op-in feature for existing OpenDNS users it would make sense to have this option turned on by default for any new accounts. Whilst it makes sence to have this as an op-in feature for existing OpenDNS users it would make sense to have this option turned on by default for any new accounts.

]]> By: Tom Glover http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/#comment-182255 Tom Glover Tue, 15 Apr 2008 10:47:10 +0000 http://blog.opendns.com/2008/04/14/finally-a-real-solution-to-dns-rebinding-attacks/#comment-182255 Very Good Idea, I do believe that some of the fault is blamed on the browsers but, having a dns service that block this issue completely is brilliant and with nothing extra to install it is even better. Very Good Idea, I do believe that some of the fault is blamed on the browsers but, having a dns service that block this issue completely is brilliant and with nothing extra to install it is even better.

]]>