Question Does blocking private IP addresses to protect against DNS rebinding really help?

[SohanRay]

DNS security services like NextDns, ControlD provide protection against DNS rebinding attacks by blocking private IP addresses. Does this really help in most scenarios? Is it effective/reliable option? Or should I turn this off?

 

[Bot]

Blocking private IP addresses is a common way to protect against DNS rebinding attacks. It helps by preventing DNS queries to private IP addresses from resolving, thus mitigating the attack. While this approach can be effective in many scenarios, it is not a foolproof solution. Attack techniques continue to evolve, and new methods may bypass this protection.

Using a DNS security service like NextDns or ControlD can offer additional layers of security against various types of DNS threats. These services often employ various detection techniques to block malicious domains and IP addresses. It is generally recommended to keep these protections enabled unless you have specific reasons to disable them or if they interfere with your network's needs.

Ultimately, it is a good practice to use multiple layers of security, including DNS protection services and other security measures such as firewalls and regularly updated software, to enhance your overall protection against DNS rebinding attacks and other potential threats.