DNS rebinding attack prevention on adam:ONE®

DNS rebinding is a method of using public DNS records, such as localhost.fictitious.io, to resolve to a private RFC 1918 IP address, such as, for example. This can then be used in an attack.

adam:ONE® offers protection against DNS rebinding by default with this config option included at installation time:


Using the above example, if a given application needs to function with it using public DNS services, DNS rebind protection would, by default, show the following in your mytools.management/log:

The BL - System | private IP address indicates that DNS rebind protection prevented it from resolving to

Managing Exceptions

There are many real-life applications that interact with local web services. For such domains, there’s a simple way to manage exceptions without disabling DNS rebinding protection altogether.

  1. Create a rule of type Forwarding Rule from the dashboard → My Rules → New Rule of type Forwarding, and forward the required domain to, which is a public resolver that never filters any FQDN:

  2. Enable the rule on all policies that require it:

  3. Run the same query again and confirm it resolves:
    % dig localhost.fictitious.io +short
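
The default check and the per-domain exception described above, sketched as an added Python example; it is not adam:ONE's code and not part of the original page. The function names, the ALLOW/BLOCK verdict strings and the sample addresses are assumptions, and the exception is modelled as a simple allowlist rather than as a Forwarding Rule.

```python
import ipaddress

# RFC 1918 ranges: the address class the page says rebind protection blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is an IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal (e.g. a CNAME target)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def is_exempt(qname, exceptions):
    """True if qname is an exception domain or a subdomain of one."""
    name = qname.rstrip(".").lower()
    for dom in exceptions:
        dom = dom.rstrip(".").lower()
        # Match on a label boundary so "notlocalhost.fictitious.io"
        # does not inherit an exception for "localhost.fictitious.io".
        if name == dom or name.endswith("." + dom):
            return True
    return False

def filter_answer(qname, answers, exceptions=()):
    """Return (verdict, private_addresses) for one public DNS answer.

    A single private address blocks the whole answer, so a response that
    mixes public and private records is not passed through.
    """
    if is_exempt(qname, exceptions):
        return ("ALLOW", [])
    private = [a for a in answers if is_rfc1918(a)]
    return ("BLOCK", private) if private else ("ALLOW", [])

if __name__ == "__main__":
    # Constructed sample answers; the addresses are illustrative only.
    samples = [
        ("localhost.fictitious.io", ["192.168.1.10"]),
        ("www.example.com", ["93.184.216.34"]),
        ("mixed.example.net", ["93.184.216.34", "10.0.0.5"]),
    ]
    for name, addrs in samples:
        print(name, filter_answer(name, addrs))
    print(filter_answer("localhost.fictitious.io", ["192.168.1.10"],
                        exceptions=["localhost.fictitious.io"]))
```

Keeping the exception list to exact domains that genuinely need a private answer preserves the protection for every other name.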
