Sciencetext Tips and Tricks

Blogging tips, browsing tricks and computing hacks

Avoiding DNS Rebinding Attacks

April 18th, 2008 · by David Bradley

I’ve talked about the benefits of the OpenDNS system as an alternative way of connecting to websites rather than using your ISP’s DNS servers. It offers built-in phishing protection, filtering (adult content, for example), it can automatically correct URL typos you make in the address bar, and allows you to create shortcuts you can use across your network of computers rather than having to duplicate them from browser to browser.

Now, OpenDNS has addressed another important security issue, so-called DNS Rebinding. A DNS rebinding attack involves an attacker registering a domain which is delegated to a DNS server they control. The server is configured to respond with a very short time-to-live (TTL) parameter set, which prevents the response from being cached. Such an attack can be used to subvert the same-origin policy and convert your browser into an open network proxy.

The resulting mayhem means your firewall is breached and hackers can get direct access to internal documents and services. With less than $100 a cyber-crook could temporarily hijack 100,000 internet (IP) addresses to send spam, to phish, and to defraud pay-per-click advertisers by turning your browser into an ad-clicking bot. OpenDNS explains the issue:

Suspicious responses are DNS replies that contain data that might be malicious or otherwise unwanted. Unlike the rest of our filtering features, which filter based on the domain being looked up, these tools filter based on the contents of the reply.

By enabling the filter to block internal IP addresses listed in RFC1918, the system can prevent such DNS Rebinding attacks. For example, if badstuff.attacker.com points to 192.168.1.1 (which should be an internal address on your network), the option would filter out the response. Making you all safe and sound once again.
