What is DNS Rebinding Protection?
DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script that attacks machines elsewhere on the network. In theory, the same-origin policy prevents this from happening: client-side scripts are only allowed to access content on the same host that served the script. Comparing domain names is an essential part of enforcing this policy, so DNS rebinding circumvents this protection by abusing the Domain Name System (DNS).
This protection is not turned on by default, because it could interfere with some configurations that purposely work with private IPs. If that is not the case for you, it is a good idea to turn it on.
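As an added illustration (not the resolver's own code), the sketch below shows the check a rebinding-protecting resolver applies to each answer: addresses in private, loopback, link-local or unspecified ranges are dropped before they reach the client. The allowlist of suffixes is a hypothetical setting, included only to show how a configuration that purposely uses private IPs would otherwise be affected; all names and sample addresses are constructed.

```python
import ipaddress

# Hypothetical allowlist: names that may legitimately resolve to private IPs.
ALLOW_PRIVATE_SUFFIXES = ("example.com",)


def is_internal(addr: str) -> bool:
    """True if addr points at a non-public range a web page should never reach."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it cannot slip past the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified


def name_allowed(qname: str, suffixes=ALLOW_PRIVATE_SUFFIXES) -> bool:
    """Match on whole labels: 'nas.example.com' passes, 'notexample.com' does not."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


def filter_answers(qname: str, answers, suffixes=ALLOW_PRIVATE_SUFFIXES):
    """Return (kept, dropped) address lists for one DNS response."""
    if name_allowed(qname, suffixes):
        return list(answers), []
    kept, dropped = [], []
    for addr in answers:
        (dropped if is_internal(addr) else kept).append(addr)
    return kept, dropped


if __name__ == "__main__":
    # Constructed responses: a name that first resolves publicly, then rebinds
    # to an internal address, and an allowlisted internal name.
    samples = [
        ("rebind.attacker.test", ["8.8.8.8"]),
        ("rebind.attacker.test", ["192.168.1.1"]),
        ("nas.example.com", ["192.168.1.20"]),
    ]
    for qname, answers in samples:
        kept, dropped = filter_answers(qname, answers)
        print(f"{qname}: kept={kept} dropped={dropped}")
```
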
5 replies
-
Please allow us to enable it and whitelist certain domains (i.e. any subdomain of example.com) that can respond with private IPs.
-
bumping this feature request