dnsmasq: stop dns-rebind attacks

Hi, at this year's Black Hat conference, Craig Heffner will show an attack against many home routers that is based on DNS rebinding. This article shows you how to block it with dnsmasq.

DNS rebinding is based on the following scheme (thanks to Mitternachtshacking - article in German):

Everything runs under the same-origin policy.

To prevent dnsmasq from accepting this, just add the following to the dnsmasq command line:

--stop-dns-rebind

On Debian Lenny, you just need to add this line to the file /etc/default/dnsmasq:

DNSMASQ_OPTS="--stop-dns-rebind"
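
To confirm the option is really in place after editing, here is an added example that is not part of the original post. It checks the Debian defaults file and, going beyond the post, a dnsmasq config file, where the same long option is written without the leading "--". The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report whether dnsmasq's
# rebind protection is configured. File paths are arguments, so the check
# can be run against copies of the real files.

# True if the Debian defaults file passes --stop-dns-rebind in DNSMASQ_OPTS.
opts_has_rebind_flag() {
    [ -r "$1" ] || return 1
    # The file is sourced as shell: skip comments, the last assignment wins.
    last=$(grep -E '^[[:space:]]*DNSMASQ_OPTS=' "$1" | tail -n 1)
    printf '%s\n' "$last" | grep -Eq -e '--stop-dns-rebind([^[:alnum:]-]|$)'
}

# True if a dnsmasq config file sets the option. In config files the long
# option has no leading "--" (assumed location: /etc/dnsmasq.conf).
conf_has_rebind_option() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*stop-dns-rebind[[:space:]]*(#.*)?$' "$1"
}

# Usage: rebind_protection_status DEFAULTS_FILE CONF_FILE
rebind_protection_status() {
    if opts_has_rebind_flag "$1" || conf_has_rebind_option "$2"; then
        echo enabled
    else
        echo disabled
    fi
}

# Demo on constructed sample files (not real system configuration).
demo_dir=$(mktemp -d)
printf '%s\n' '#DNSMASQ_OPTS="--stop-dns-rebind"' 'DNSMASQ_OPTS="--log-queries"' \
    > "$demo_dir/commented"
printf '%s\n' 'DNSMASQ_OPTS="--stop-dns-rebind"' > "$demo_dir/active"
printf '%s\n' '# stop-dns-rebind' 'domain-needed' > "$demo_dir/conf"
rebind_protection_status "$demo_dir/commented" "$demo_dir/conf"   # disabled
rebind_protection_status "$demo_dir/active" "$demo_dir/conf"      # enabled
rm -rf "$demo_dir"
```

On a real system, call rebind_protection_status /etc/default/dnsmasq /etc/dnsmasq.conf and restart dnsmasq after any change so the new command line takes effect.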

Bye, Sven