DNS Rebinding
DNS rebinding is an attack that circumvents the browser's same-origin policy: a domain first resolves to an attacker-controlled server, and its [[dns|DNS]] record is then rapidly rebound to an internal IP address (such as 192.168.1.1). Because the same-origin policy compares hostnames rather than IP addresses, the browser keeps treating the rebound name as the attacker's original origin, so malicious JavaScript from that site can make requests to internal services that are normally inaccessible from the public internet. DNS rebinding can be used to attack routers, smart home devices, and internal corporate services. [[dnssec|DNSSEC]] does not prevent rebinding; mitigations include DNS-over-HTTPS with rebinding protection, short negative TTLs, and firewall rules.
Example
A malicious website changes its DNS record from a public IP to 192.168.1.1 mid-session, allowing the attacker's JavaScript to configure the victim's home router through the browser.
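The rebinding protection named above, sketched from the defender's side as an added example (not code from this page or from any particular resolver): a resolver-style filter that drops internal answers for names outside local zones, and a log check that flags a name moving from an external to an internal address. The log tuple layout, the `corp.test` local zone and all sample records are assumptions constructed for illustration.

```python
import ipaddress

# Address ranges treated as internal (private, loopback, link-local, unspecified).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed resolver log, not real data: (seconds, name, answer IP, TTL).
SAMPLE_ANSWERS = [
    (0, "rebind.example.test", "203.0.113.10", 1),
    (2, "rebind.example.test", "192.168.1.1", 1),
    (0, "cdn.example.test", "198.51.100.7", 300),
    (60, "cdn.example.test", "198.51.100.8", 300),
    (5, "printer.corp.test", "10.0.0.20", 3600),
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped answer cannot slip past the check.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in INTERNAL_NETS)

def filter_answers(answers, local_suffixes=("corp.test",)):
    """Resolver-side protection: drop internal answers for non-local names."""
    kept, dropped = [], []
    for rec in answers:
        _, name, ip, _ = rec
        local = any(name == s or name.endswith("." + s) for s in local_suffixes)
        (dropped if is_internal(ip) and not local else kept).append(rec)
    return kept, dropped

def find_rebinds(answers):
    """Detection: names that answered externally and later internally."""
    seen_external, flagged = {}, []
    for _, name, ip, _ in sorted(answers):  # chronological order
        if is_internal(ip):
            if name in seen_external:
                flagged.append((name, seen_external[name], ip))
        else:
            seen_external[name] = ip
    return flagged

if __name__ == "__main__":
    kept, dropped = filter_answers(SAMPLE_ANSWERS)
    print("dropped by filter:", dropped)
    print("rebinding suspects:", find_rebinds(SAMPLE_ANSWERS))
```

The name in the local zone keeps its internal answer, while an ordinary address change between two external IPs is not flagged.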