On 10/25/2018 09:27 PM, Mark Andrews wrote:
Use a browser that maintains its own address cache tied to the HTTP
session. That is the only way to safely deal with rebinding
attacks. Rebinding attacks have been known about for years. There
is zero excuse for not using a browser with such protection.
On 25.10.18 21:50, Grant Taylor via bind-users wrote:
That is sound advice.
Unfortunately it does not answer my question of is there a way to
enforce a minimum TTL (with BIND).
there is not.
Nor does it protect less intelligent browsers or (IoT) devices.
using short TTLs is very risky, and forcing minimum TTL is apparently not
way to work around.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
