What options do I have for blocking DNS query responses containing a specific IP address or range?
I'm reading up on DNS Rebinding attacks, and wondering how I might block them.
When an attacker attempts a rebinding attack, they will attempt to trick the browser into believing that the malicious content was served from 127.0.0.1 or an address within my LAN. They do so by configuring their DNS server to serve the fraudulent address (when queried from within the malicious script). I would like to prevent this by blocking all responses to forwarded DNS queries that result in a local or LAN address.
I use a Bind9 zone for my local network and use forwarders to resolve external addresses.
The Bind box is a Debian server behind my NAT router. It runs UFW as its firewall, and allows TCP/UDP over port 53.
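As an added example, not taken from the question above: BIND 9.7 and later can filter forwarded and recursive answers with the `deny-answer-addresses` option in `named.conf`. The zone name `home.lan` and the address ranges are assumptions; substitute your own local zone and the ranges you consider internal.

```conf
options {
    // ... existing forwarders / recursion settings stay as they are ...

    // Reject any answer obtained through forwarding or recursion that
    // contains an address in these ranges (loopback, RFC 1918, link-local,
    // IPv6 loopback and unique-local). Answers from the server's own
    // authoritative zones are not subject to this filter.
    deny-answer-addresses {
        127.0.0.0/8;
        10.0.0.0/8;
        172.16.0.0/12;
        192.168.0.0/16;
        169.254.0.0/16;
        ::1/128;
        fc00::/7;
    } except-from {
        "home.lan";   // assumed local zone that legitimately returns LAN addresses
    };

    // Also reject answers whose CNAME/DNAME chain leads into the local zone,
    // which is the other way a rebinding response can point at internal hosts.
    deny-answer-aliases {
        "home.lan";
    } except-from {
        "home.lan";
    };
};
```

Run `named-checkconf` after editing and reload with `rndc reload`; filtered answers are rejected rather than passed to the client, so test with a name you control before relying on it.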