Product and Support News

DNSWatch Introduces Protection Against DNS Rebinding Attacks

Profile picture for user toboyle

Despite being around for many years, “DNS Rebinding” attacks have been making headlines recently. Commodity devices (Chromecast, Roku, Sonos Speakers, and many other IoT devices) are potentially vulnerable, and while the popular ones have been patched, it’s hard to know if they all have.

This trend, combined with direct feedback from other customers, has led us to build new protections into DNSWatch to address these types of attacks.

You can enable the DNS binding protections in your DNSWatch settings. Once you enable the feature, it can take up to an hour to take effect due to DNS caching.

When enabled, any responses that would normally contain an A record for a private IP address (,, will instead result in an NXDOMAIN.

To confirm the rebinding protection is enabled, you can look up ``. If rebinding is enabled, it will return ``. If the rebinding protection is enabled, DNSWatch will return an NXDOMAIN.

If you use an external nameserver to host intranet websites, you need to move those domains to an internal name server to protect them from DNS Rebinding attacks.

Browse by Category



Sign up to get the latest product news, updates, and support alerts from WatchGuard.




Beta Program

Resource Center

End of Life Info

Product Certifications

Product & Support News


"The 443" Podcast


Keep in Touch

  Subscribe by Email

  Subscribe by RSS