To prevent DNS rebind attacks you should check for private IP addresses in DNS responses.[^1] If a dig command shows that a domain resolves to both private and public IP addresses, or the responses alternate between these internal and external IPs, this can indicate DNS rebinding.[^1] Repeated DNS queries to the same domain or unexpected requests to IP ranges may indicate a DNS rebind attack.[^1] JavaScript errors involving cross-origin restrictions can indicate an ongoing DNS rebind attack.[^1] Frequent A record changes for a single domain may also indicate a DNS rebind attack.[^1] Wireshark can be used to identify external sites that are attempting to reach private IP addresses.[^1]

You should use HTTPS and authentication for internal services.[^1] Your DNS resolvers should block responses that return private, loopback, or non-routable IP addresses.[^1] You can also restrict JavaScript execution to prevent these attacks.[^1]
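The check for mixed or alternating answers can be run over resolver logs. The following is an added example, not taken from the cited source: the log records are constructed, the function names are hypothetical, and addresses from the documentation ranges stand in for public IPs.

```python
import ipaddress
from collections import defaultdict

# Ranges treated as internal: RFC 1918 private, loopback, link-local, "this network".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]

# Constructed sample: (unix time, queried name, A record returned). Not real traffic.
SAMPLE_LOG = [
    (1000, "cdn.example.net", "198.51.100.7"),
    (1060, "cdn.example.net", "198.51.100.7"),
    (1000, "rebind.example.org", "203.0.113.10"),
    (1002, "rebind.example.org", "192.168.1.1"),
    (1004, "rebind.example.org", "203.0.113.10"),
    (1006, "rebind.example.org", "127.0.0.1"),
    (1000, "intranet.example.com", "10.0.0.5"),
]

def is_internal(addr):
    """True if addr falls inside one of the internal ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_rebind_suspects(log, min_flips=1):
    """Return {name: flips} for names whose answers mix internal and external
    addresses and switch between the two classes at least min_flips times."""
    by_name = defaultdict(list)
    for ts, name, addr in sorted(log):  # time order per name
        by_name[name.lower().rstrip(".")].append(is_internal(addr))
    suspects = {}
    for name, classes in by_name.items():
        if len(set(classes)) < 2:
            continue  # only internal or only external answers: not the mixed pattern
        flips = sum(a != b for a, b in zip(classes, classes[1:]))
        if flips >= min_flips:
            suspects[name] = flips
    return suspects

if __name__ == "__main__":
    for name, flips in find_rebind_suspects(SAMPLE_LOG).items():
        print(f"{name}: answers switched internal/external {flips} time(s)")
```

Names that legitimately use split-horizon DNS can also show mixed answers, so raise `min_flips` or keep an allow-list if that applies to your environment.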
Backlinks
[[dig Command]]
[[DNS Rebind Attack]]
IP Addresses
[[JavaScript]]
Sources
[^1]: paloaltonetworks_dnsRebinding