Either I’m just blind or I never actually got into the nitty-gritty of testing DNS pinning in Mozilla’s Firefox, but I never realized until today that Firefox doesn’t actually pin DNS at all. I guess you learn something new every day. For a project unrelated to security, a customer needed to fail over to another domain, and they wanted to know how quickly they could do that without necessarily taking their primary site offline in the process. So we started doing some tests. Internet Explorer pins DNS for 30 minutes, it looks like. Still short in my mind, but according to the documentation I could find that’s because 24 hours or more broke a lot of things (I’m imagining things like DynDNS and so on).
All the documentation I could find online was erroneous and said that Firefox rebound DNS in one minute. In reality Firefox rebound DNS as fast as the DNS time-to-live expired. We got it to switch DNS within one second. Meaning there was no need for that trick where you close down the port or firewall off the client IP address or anything similar. Nope, all you need to do is turn down the TTL and you’ve got yourself a DNS rebinding scenario. It seems really surprising to me, and it makes the whole attack way easier on Mozilla, since now all you need is access to DNS and a web server to make it work (no access to anything else required). I don’t know why I thought DNS pinning existed in Mozilla’s browser. Has something changed? Can someone verify?
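To make the difference between the two browser behaviours described above concrete, here is a small simulation, added as an example and not code from the original post. It models a browser resolver cache that either honours only the authoritative TTL (the Firefox behaviour observed above) or pins the first answer for a fixed window (the 30-minute Internet Explorer behaviour). The name `app.example`, the addresses, the one-second TTL and the moment the record is repointed are all constructed for the example.

```python
"""
Simulation of a browser DNS cache with and without DNS pinning.

Shows how a low authoritative TTL lets a repointed record take effect on
the very next lookup unless the browser pins the first answer for a fixed
window. All names, addresses and timings below are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AuthoritativeZone:
    """Answers the authoritative server hands out over time.

    changes: list of (effective_at_seconds, ip, ttl_seconds), sorted by time.
    The last entry whose effective time is <= now is the current answer.
    """
    changes: list

    def lookup(self, now: int):
        current = self.changes[0]
        for change in self.changes:
            if change[0] <= now:
                current = change
        _, ip, ttl = current
        return ip, ttl


@dataclass
class BrowserResolver:
    """A browser's resolver cache.

    pin_seconds=None: keep an answer only for its TTL (no pinning).
    pin_seconds=N:    keep the first answer for at least N seconds,
                      whatever TTL the zone advertised (DNS pinning).
    """
    zone: AuthoritativeZone
    pin_seconds: Optional[int] = None
    cache: dict = field(default_factory=dict)  # name -> (ip, expires_at)

    def resolve(self, name: str, now: int) -> str:
        entry = self.cache.get(name)
        if entry is not None and now < entry[1]:
            return entry[0]  # cache hit: no new lookup is made
        ip, ttl = self.zone.lookup(now)
        hold = ttl if self.pin_seconds is None else max(ttl, self.pin_seconds)
        self.cache[name] = (ip, now + hold)
        return ip


# Constructed zone: the legitimate site with a one-second TTL, then the
# record is repointed at t=5 (a planned failover, or an attacker's rebind).
SAMPLE_ZONE = AuthoritativeZone(changes=[
    (0, "203.0.113.10", 1),
    (5, "192.0.2.77", 1),
])


def observed_addresses(pin_seconds, sample_times, zone=SAMPLE_ZONE):
    """Address the browser connects to at each sample time."""
    resolver = BrowserResolver(zone, pin_seconds)
    return [resolver.resolve("app.example", t) for t in sample_times]


def first_switch_time(pin_seconds, zone=SAMPLE_ZONE, horizon=4000):
    """Seconds until a browser polling once per second first sees the new
    address, or None if it never does within the horizon."""
    resolver = BrowserResolver(zone, pin_seconds)
    first = resolver.resolve("app.example", 0)
    for t in range(1, horizon):
        if resolver.resolve("app.example", t) != first:
            return t
    return None


if __name__ == "__main__":
    print("no pinning, switch at t =", first_switch_time(None))   # 5
    print("30-minute pin, switch at t =", first_switch_time(1800))  # 1800
```

Without pinning the browser follows the record change at the first lookup after the one-second TTL lapses, which is the sub-second switch measured above; with a 30-minute pin the same change is invisible until the pin expires. Since a site cannot count on the visitor's browser pinning, the server-side check that practitioners rely on against rebinding is to reject requests whose Host header does not name the site itself.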