My router false positively detects DNS-rebind attack


Your Tomato router is using dnsmasq for resolving DNS queries (actually to forward them to a resolver, but don't mind me).

dnsmasq has a built-in protection, which you found out. It forbids upstream resolvers to return private IP addresses. You can however fix that only for your use case by using one of the --rebind-* options in dnsmasq (see man page), excerpt:

--rebind-localhost-ok
    Exempt 127.0.0.0/8 from rebinding checks. This address range is returned by realtime black hole servers, so blocking it may disable
these services. 
--rebind-domain-ok=[<domain>]|[[/<domain>/[<domain>/]
    Do not detect and block dns-rebind on queries to these domains. The argument may be either a single domain, or multiple domains
surrounded by '/', like the --server syntax, eg.
--rebind-domain-ok=/domain1/domain2/domain3/

In your case, you might want to consider the option --rebind-domain-ok=/domain_name/ (replace domain_name with your domain name).
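To make the trade-off in the answer concrete, here is an added example (not part of the original answer, and not dnsmasq's own code) that models how dnsmasq's rebind filter decides on an upstream A record, and what each of the two exemptions quoted above changes. The address list is an approximation of the "private ranges" the man page refers to, and the subdomain matching mirrors the --server style syntax; both are assumptions, so check the man page of your dnsmasq version for the exact behaviour. The domain and address values are constructed for the demonstration.

```python
import ipaddress

# Approximation of the ranges --stop-dns-rebind rejects in upstream answers
# (RFC 1918, loopback, 0.0.0.0/8, link-local). Assumed list, not dnsmasq's
# source; the real filter may differ in details (e.g. IPv6 handling).
REBIND_BLOCKED_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def parse_rebind_domain_ok(arg):
    """Split the '/domain1/domain2/' form of --rebind-domain-ok into a list.
    A bare 'domain' (no slashes) is also accepted, as in the man page."""
    return [d for d in arg.split("/") if d]


def domain_exempt(name, ok_domains):
    """True if the query name is one of the exempt domains or a subdomain
    of one (assumed to follow the --server matching rules)."""
    name = name.rstrip(".").lower()
    for dom in ok_domains:
        dom = dom.strip("/").rstrip(".").lower()
        if name == dom or name.endswith("." + dom):
            return True
    return False


def rebind_verdict(name, answer_ip, rebind_domain_ok=(), rebind_localhost_ok=False):
    """Decide whether an upstream answer `answer_ip` for query `name` would be
    accepted ('allow') or rejected ('block') with rebind protection on."""
    ip = ipaddress.ip_address(answer_ip)
    if domain_exempt(name, rebind_domain_ok):
        return "allow"          # --rebind-domain-ok: this domain is trusted
    if rebind_localhost_ok and ip in LOOPBACK_NET:
        return "allow"          # --rebind-localhost-ok: RBL-style 127.x answers
    if any(ip in net for net in REBIND_BLOCKED_NETS):
        return "block"          # would log "possible DNS-rebind attack detected"
    return "allow"


def demo():
    """Constructed answers showing why a narrow exemption beats disabling
    the check: the home domain is allowed, an unrelated domain pointing at
    a LAN address is still blocked."""
    ok = parse_rebind_domain_ok("/example.net/")
    cases = {
        # The question's situation: own domain resolving to a LAN host.
        "home.example.net -> 192.168.1.10 (no exemption)":
            rebind_verdict("home.example.net", "192.168.1.10"),
        "home.example.net -> 192.168.1.10 (rebind-domain-ok)":
            rebind_verdict("home.example.net", "192.168.1.10", rebind_domain_ok=ok),
        # An unrelated domain answering with the router's address: still blocked.
        "other.example.org -> 192.168.1.1 (rebind-domain-ok)":
            rebind_verdict("other.example.org", "192.168.1.1", rebind_domain_ok=ok),
        # A public address is never affected by the filter.
        "www.example.net -> 203.0.113.5":
            rebind_verdict("www.example.net", "203.0.113.5"),
        # Blocklist-style lookup returning 127.0.0.2, with and without the exemption.
        "1.2.3.4.rbl.example -> 127.0.0.2 (default)":
            rebind_verdict("1.2.3.4.rbl.example", "127.0.0.2"),
        "1.2.3.4.rbl.example -> 127.0.0.2 (rebind-localhost-ok)":
            rebind_verdict("1.2.3.4.rbl.example", "127.0.0.2", rebind_localhost_ok=True),
    }
    return cases


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{verdict:5}  {label}")
```

In a dnsmasq configuration file (Tomato's custom dnsmasq configuration box takes the same format) the options are written without the leading dashes, so the answer's suggestion becomes a line `rebind-domain-ok=/domain_name/` alongside the existing `stop-dns-rebind`.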


user740250

Updated on September 18, 2022

Comments

  • user740250
    user740250 over 1 year

    I have a router running the latest version of Advanced Tomato. Attempting to access a server on my home network (the same network as the router in question), by using my domain name (as opposed to my IP address) fails and I get the following warning in my router logs:

    Jun 19 20:45:13 unknown daemon.warn dnsmasq[3844]: possible DNS-rebind attack detected: <domain_name>
    

    Disabling DNS-rebind protection in the router fixes the problem. Is there anything I can do to fix this problem without disabling DNS-rebind protection?

    • Ƭᴇcʜιᴇ007
      Ƭᴇcʜιᴇ007 almost 7 years
      Don't try and access your LAN from within the LAN using its WAN address, it will confuse the router.
    • user740250
      user740250 almost 7 years
      It is so much more convenient to only have a single set of bookmarks, though! (My use case is accessing several different services on different ports, ergo my need for bookmarks)
    • David
      David almost 7 years
      You could set up a local hosts file on your computers within the LAN to use the private IP instead of the public IP, then you could still use your bookmarks.