Hacker News new | ask | show | jobs
by edwintorok 2218 days ago
DNS rebinding can be fixed at the DNS server level. OpenWRT has an option for it. But this websocket thing in browsers can't easily be turned off/mitigated AFAICT.
4 comments
bawolff 2218 days ago
Well if you are going to use custom software to alter how protocols work, you could just change your web browser.
link
inetknght 2218 days ago
> DNS rebinding can be fixed at the DNS server level.

Let me know how that works with DNS over HTTP

link
gruez 2218 days ago
>DNS rebinding can be fixed at the DNS server level

You can't always depend on that. eg. when you're on public/enterprise wifi that intercepts DNS requests.

link
Avamander 2217 days ago
This is why a local stub is a very good idea.
link
m00dy 2218 days ago
Or you can have this on firewall level.
link
cjbprime 2217 days ago
No you can't -- the request from the browser is coming from inside the firewall, on an internal IP.
link
m00dy 2217 days ago
well, I meant that there are some special firewalls that you can handle dns-rebinding attacks.
link
oriettaxx 2217 days ago
exactly!
link