nanog mailing list archives

Re: dns cache beyond ttl - viasat / exede

From: Tony Finch <dot () dotat at>
Date: Tue, 8 Oct 2019 12:21:58 +0100

William Herrin <bill () herrin us> wrote:


You may be looking at a web browser "feature" called "DNS pinning." This is
used to defeat the "DNS rebinding" attack on javascript that would allow a
web site to instruct a browser to scan the interior behind its user's
firewall by having an attacker rotate the IP addresses used for
Javascript's allowed server name.

Depending on the implementation, DNS pinned browsers may not recognize a
change to your IP address until the browser is stopped and restarted.


I thought DNS pinning was only for the lifetime of the web page, so
closing the tab (or all tabs open on the site...) should be enough, if a
reload isn't.

Tony.
-- 
f.anthony.n.finch  <dot () dotat at>  http://dotat.at/
democracy, participation, and the co-operative principle

Current thread:

dns cache beyond ttl - viasat / exede Mike (Oct 07)
- Re: dns cache beyond ttl - viasat / exede Andrew Kerr (Oct 07)
- Re: dns cache beyond ttl - viasat / exede Brielle (Oct 07)
  - Re: dns cache beyond ttl - viasat / exede William Herrin (Oct 07)
    - Re: dns cache beyond ttl - viasat / exede Brielle (Oct 07)
    - Re: dns cache beyond ttl - viasat / exede William Herrin (Oct 07)
    - Re: dns cache beyond ttl - viasat / exede Brielle (Oct 08)
- Re: dns cache beyond ttl - viasat / exede Sabri Berisha (Oct 07)
- Re: dns cache beyond ttl - viasat / exede William Herrin (Oct 07)
  - Re: dns cache beyond ttl - viasat / exede Tony Finch (Oct 08)
    - Re: dns cache beyond ttl - viasat / exede William Herrin (Oct 08)
- Re: dns cache beyond ttl - viasat / exede Stephen Satchell (Oct 07)