Comments on: Finally, a real solution to DNS rebinding attacks

By: Internet Evolution - Jart Armin - Router Hacking Takes Stage at Black Hat

Internet Evolution - Jart Armin - Router Hacking Takes Stage at Black Hat — Thu, 29 Jul 2010 19:13:41 +0000

[...] Fortunately, Ulevitch wrote, �OpenDNS has secured users from DNS rebinding attacks for a long time.� [...]

By: OpenDNS Blog » Calling Craig Heffner

OpenDNS Blog » Calling Craig Heffner — Tue, 27 Jul 2010 18:33:02 +0000

[...] it to address. The only information we have is that this deals with DNS Rebinding. Fortunately, OpenDNS has secured users from DNS rebinding attacks for a long time. But we don’t know what’s different about Craig’s new rebinding [...]

By: David Ulevitch

David Ulevitch — Mon, 28 Apr 2008 14:36:20 +0000

Macmend,

If you add the domain of your WAN VPN or other trusted domain to your “typo exceptions” and your “whitelist domains” list then we will allow those answers to pass through as trusted and unchecked.

Terje,

Because of potential support issues like the one raised by macmend above we have decided to have the feature turned off by default for the time being. Over time as we gain confidence that it doesn’t break things, we might make it the default for new users.

By: macmend

macmend — Mon, 28 Apr 2008 12:47:59 +0000

yes but how does this effect WAN VPNs, internal mail services, etc that rely on internal repsonses?

By: Terje Petersen

Terje Petersen — Mon, 28 Apr 2008 12:45:33 +0000

Whilst it makes sence to have this as an op-in feature for existing OpenDNS users it would make sense to have this option turned on by default for any new accounts.

By: Tom Glover

Tom Glover — Tue, 15 Apr 2008 10:47:10 +0000

Very Good Idea, I do believe that some of the fault is blamed on the browsers but, having a dns service that block this issue completely is brilliant and with nothing extra to install it is even better.