DNS Rebinding Check
developer/v1/dns/rebinding
Tests if a domain's DNS configuration is vulnerable to DNS rebinding attacks — referenced in OWASP Top 10 (2021) A10: Server-Side Request Forgery. DNS rebinding is a subset of SSRF attacks that exploits DNS to bypass same-origin policy and access internal networks.
What It Does
Analyzes DNS configuration for rebinding attack indicators: very low TTLs (under 60 seconds), multiple A records with mixed internal/external IPs, and CNAME chains that could facilitate rebinding. Checks all RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8), link-local (169.254.0.0/16), cloud metadata endpoints (169.254.169.254), and RFC 5737 documentation ranges (TEST-NET-1/2/3). Also detects IPv6 private addresses (::1, fc00::/7, fe80::/10) and transition mechanisms (Teredo 2001::/32, 6to4 2002::/16, NAT64 64:ff9b::/96). Provides risk assessment and mitigation recommendations.
Why It's Useful
Browser mitigations like DNS pinning and Chrome's Private Network Access (PNA) provide partial protection, but server-side applications remain vulnerable. This endpoint helps identify domains configured for potential rebinding attacks against internal services, image proxies, and OAuth callbacks.
Use Cases
Web Application Security
Assess if any external domains used by your application could resolve to internal IPs. Critical for applications that fetch user-supplied URLs (image proxies, OAuth callbacks).
Identify and mitigate DNS rebinding risks before exploitation.
Internal Network Protection
Evaluate if external domains could be used to rebind to internal services.
Protect internal services from browser-based rebinding attacks.
SSRF Prevention Validation
Validate that your SSRF protection correctly blocks DNS rebinding — test domains should not resolve to private IPs even with low TTLs.
Verify SSRF defenses against DNS-based bypasses before deployment.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| domain | string | Required | The domain to check for rebinding vulnerability. Example: example.com |
Response Fields
| Field | Type | Description |
|---|---|---|
| domain | string | The queried domain |
| is_vulnerable | boolean | Whether rebinding risk is detected |
| risk | string | Risk level: low, medium, high |
| has_multiple_ips | boolean | Whether domain resolves to multiple IP addresses |
| ips | array | IPv4 addresses the domain resolves to |
| ipv6_ips | array | IPv6 addresses the domain resolves to |
| has_private_ip | boolean | Whether any resolved IP is in a private range |
| private_ips | array | Private/internal IP addresses found |
| has_low_ttl | boolean | Whether TTL is below 60 seconds (rebinding indicator) |
| min_ttl | number | Minimum TTL value across DNS records |
| has_cname | boolean | Whether a CNAME record was found |
| cname_target | string | CNAME target hostname if present |
| explanation | string | Human-readable explanation of the rebinding assessment |
Code Examples
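```bash
# -G sends the -d data as a query string (GET), matching the other examples
curl -G "https://api.edgedns.dev/v1/dns/rebinding" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "domain=example.com"
```

```javascript
// Query the endpoint with the domain as a query parameter
const response = await fetch(
  'https://api.edgedns.dev/v1/dns/rebinding?domain=example.com',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

# Query the endpoint with the domain as a query parameter
response = requests.get(
    'https://api.edgedns.dev/v1/dns/rebinding',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
        'domain': 'example.com'
    },
    timeout=10,
)
response.raise_for_status()  # surface HTTP errors instead of parsing an error body
data = response.json()
print(data)
```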