• X_Cli@lemmy.ml · ↑8 · 3 years ago

    Being a network security specialist, I’ll ask these basic questions:

    • what’s the universal definition of a private network?
    • does this measure make sense in IPv6 within the global scope?
    • is it the responsibility of the browser to secure against DNS rebinding?

    My answers to these questions are:

    • there is no universal definition, so this approach is doomed by design
    • no
    • heck, no; that’s the job of the webserver, by avoiding the so-called default virtual host. The Host/:authority header should always be verified, and this is sufficient to counter all forms of DNS rebinding.
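The mitigation the comment describes, serving only requests whose Host/:authority value names one of the server's own configured hosts and refusing everything else, as an added example that is not the commenter's code. It is a plain-Python HTTP/1.1 server (so only the Host header is visible; the HTTP/2 :authority pseudo-header would be checked the same way by a real server), the hostnames in the allowlist are constructed, and answering with 421 Misdirected Request is this example's choice rather than anything the comment specifies.

```python
"""Host header validation as a DNS-rebinding defence (added example).

In a DNS-rebinding attack the attacker's name is re-pointed at an internal
address, so the browser reaches this server while still sending
Host: attacker.example. A server with no default virtual host, one that
only answers for its own names, rejects such requests regardless of how
the browser classifies the destination network. Hostnames below are
constructed for the example.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from ipaddress import IPv6Address

# Constructed allowlist: the names this service is meant to be reached under.
ALLOWED_HOSTS = frozenset({"router.home.arpa", "192.168.1.1", "[fd00::1]"})


def normalize_host(host_header: str) -> str:
    """Return the host part of a Host value, lowercased and without the port.

    Accepts "name[:port]", "v4[:port]" and "[v6][:port]"; IPv6 literals are
    canonicalised so "[fd00:0:0:0:0:0:0:1]" matches "[fd00::1]". Returns ""
    for an absent or malformed header so the caller rejects the request.
    """
    if not host_header:
        return ""
    value = host_header.strip().lower()
    if value.startswith("["):
        end = value.find("]")
        if end == -1:
            return ""
        try:
            inner = str(IPv6Address(value[1:end]))
        except ValueError:
            return ""
        rest = value[end + 1:]
        if rest and not (rest.startswith(":") and rest[1:].isdigit()):
            return ""
        return f"[{inner}]"
    host, sep, port = value.partition(":")
    if sep and not port.isdigit():
        return ""
    return host


def host_allowed(host_header: str, allowed=ALLOWED_HOSTS) -> bool:
    """True only when the request names one of our configured hosts."""
    host = normalize_host(host_header)
    return bool(host) and host in allowed


class StrictHostHandler(BaseHTTPRequestHandler):
    """Serves ALLOWED_HOSTS only; any other Host gets 421 Misdirected Request."""

    def do_GET(self):
        if not host_allowed(self.headers.get("Host", "")):
            self._reply(421, b"Misdirected Request: unknown Host\n")
            return
        self._reply(200, b"ok\n")

    def _reply(self, status: int, body: bytes) -> None:
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the example quiet


if __name__ == "__main__":
    # Bind address and port are constructed for the example.
    HTTPServer(("127.0.0.1", 8080), StrictHostHandler).serve_forever()
```

The check is deliberately independent of the client's source address or of any notion of "private network": a request carrying `Host: attacker.example` is refused even though it arrived on the LAN interface, which is exactly why the commenter considers this sufficient against rebinding. Real servers get the same effect from configuration (no catch-all virtual host, or a default host that only returns an error).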