DNS rebinding protection

Home networks hosting connected devices (like Google Nest speakers, home media servers, and Internet of Things devices) can be vulnerable to a type of attack known as DNS rebinding. To protect against these attacks, Google Wifi uses DNS Rebinding Protection, which blocks the use of private IP ranges by public domains. This feature is enabled by default on Google Wifi.

However, some services require DNS rebinding to function. If you want to allow DNS rebinding on your local network, you can disable DNS Rebinding Protection by setting custom DNS servers at your own risk.

Note: To change advanced settings, you’ll need to use the Google Wifi app, even if you normally use the Google Home app to manage your devices. Download the app from the Play Store (Android) or App Store (iOS).

Disable DNS rebinding protection

  1. Open the Google Wifi app .
  2. Tap the Settings and action tab  and then Network & general.
  3. Under 'Network', tap Advanced networking and then DNS.
  4. Tap Custom and enter your desired DNS.
    Note: We recommend using 8.8.8.8 as your Primary Server, and 8.8.4.4 as your Secondary server. If you would like to use IPV6, we suggest using 2001:4860:4860::8888 as your Primary Server and 2001:4860:4860::8844 as your Secondary server.
  5. Tap Save.

What is a DNS rebinding attack?

A DNS rebinding attack is performed when a malicious website pretends that IP addresses (usually IPs reserved for local networks) are part of their domain. This allows them to circumvent the same-origin policy implemented by browsers and view data from these IP addresses.

A DNS rebinding attack can happen if someone using your network visits a malicious website that identifies your local IP address and deduces the structure of your local network. The malicious website could then bind their domains to the local IP address, send requests to devices on your network, and then read any responses to those requests. This could allow attackers to access some of your private information, or further compromise your network security.

Related article

Change your DNS

Was this helpful?
How can we improve it?