Enforcing minimum TTL...

Grant Taylor gtaylor at tnetconsulting.net
Fri Oct 26 01:02:07 UTC 2018


Is there a way to enforce a minimum TTL?

My initial searching indicated that ISC / BIND developers don't include 
a way to do so on a matter of principle.

I'd like to enforce a minimum TTL of 5 minutes (300 seconds) on my 
private BIND server at home.  I want to use this as a method to 
thwart DNS rebinding attacks.

I've already got RPZ filtering out what IANA defines as Special-Purpose 
IPv4 addresses.  But this does nothing to prevent rebinding to a 
different IP on the globally routed Internet, or squatters that are 
re-using someone else's IP space (i.e. ISPs abusing DoD IP space for CGN).



-- 
Grant. . . .
unix || die
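The two defences the post describes, an RPZ-style filter on answers that point at special-purpose IPv4 space and a resolver cache that clamps every record to a 300 second floor, as an added Python illustration that is not part of the original post and not BIND code. It simulates the resolver's view only: the special-purpose list is a constructed subset of the IANA registry, the attacker-controlled upstream, the name `attacker-host.example`, and the addresses 11.22.33.44 / 44.33.22.11 are all made up for the demonstration.

```python
"""Resolver-side defences against DNS rebinding, simulated.

Part 1: an RPZ-style rpz-ip filter that drops A records whose target is
        IANA special-purpose space (RFC 1918, loopback, link-local, ...).
Part 2: a cache with a minimum TTL, so an attacker who serves TTL=1 and
        then swaps the answer cannot get the client to re-resolve early.
"""
import ipaddress

# Constructed subset of the IANA IPv4 Special-Purpose Address Registry
# (RFC 6890 and successors). Illustrative, not the complete registry.
SPECIAL_PURPOSE_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.88.99.0/24", "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "240.0.0.0/4", "255.255.255.255/32",
)]


def is_special_purpose(ip: str) -> bool:
    """True if the address falls inside any special-purpose prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SPECIAL_PURPOSE_V4)


def rpz_filter(answers):
    """Drop (name, ip, ttl) A records whose target is special-purpose space,
    the effect of an rpz-ip trigger whose action withholds the record."""
    return [(name, ip, ttl) for name, ip, ttl in answers
            if not is_special_purpose(ip)]


class MinTtlCache:
    """A toy resolver cache that never caches a record for less than min_ttl."""

    def __init__(self, min_ttl=300):
        self.min_ttl = min_ttl
        self._entries = {}  # name -> (ip, expiry time)

    def resolve(self, name, now, upstream):
        """Return (ip, served_from_cache).  upstream(name) -> (ip, ttl) stands
        in for the authoritative server, which the attacker controls."""
        entry = self._entries.get(name)
        if entry and now < entry[1]:
            return entry[0], True
        ip, ttl = upstream(name)
        ttl = max(ttl, self.min_ttl)      # the clamp: floor every TTL
        self._entries[name] = (ip, now + ttl)
        return ip, False


def rebinding_scenario(min_ttl, probe_times=(0, 2, 301)):
    """Attacker serves attacker-host.example with TTL 1: first answer is the
    attacker's own (constructed) public IP, every later answer is some other
    globally routed IP the attacker wants the victim browser to talk to.
    Returns the IP the victim sees at each probe time."""
    upstream_answers = iter(["11.22.33.44"] + ["44.33.22.11"] * 10)

    def upstream(_name):
        return next(upstream_answers), 1  # attacker-chosen TTL of 1 second

    cache = MinTtlCache(min_ttl)
    return [cache.resolve("attacker-host.example", t, upstream)[0]
            for t in probe_times]


if __name__ == "__main__":
    print("no floor:   ", rebinding_scenario(min_ttl=0))
    print("300 s floor:", rebinding_scenario(min_ttl=300))
```

Without the floor the second lookup two seconds later already returns the rebound address; with a 300 second floor the victim keeps getting the first answer until the clamped entry expires, which is the window the original poster wants to close. Note that neither part helps against the case raised at the end of the post: a rebinding target that sits in ordinary globally routed space is not caught by the special-purpose filter, and the TTL floor only delays, rather than prevents, the flip.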


