I have a router running the latest version of Advanced Tomato. Attempting to access a server on my home network (the same network as the router in question), by using my domain name (as opposed to my IP address) fails and I get the following warning in my router logs:
Jun 19 20:45:13 unknown daemon.warn dnsmasq[3844]: possible DNS-rebind attack detected: <domain_name>
Disabling DNS-rebind protection in the router fixes the problem. Is there anything I can do to fix this problem without disabling DNS-rebind protection?
31 Answer
Your Tomato router is using dnsmaq for resolving DNS queries (actually to forward them to a resolver, but don't mind me).
dnsmasq has a built in protection which you find out. It forbid upstreams resolver to return private IP addresses. You can however fix that only for your use case by using one the --rebind-* option in dnsmasq (see man page), excerpt:
--rebind-localhost-ok Exempt 127.0.0.0/8 from rebinding checks. This address range is returned by realtime black hole servers, so blocking it may disable
these services.
--rebind-domain-ok=[<domain>]|[[/<domain>/[<domain>/] Do not detect and block dns-rebind on queries to these domains. The argument may be either a single domain, or multiple domains
surrounded by '/', like the --server syntax, eg.
--rebind-domain-ok=/domain1/domain2/domain3/In your case, you might want to consider the option --rebind-domain-ok=/domain_name/ (replace domain_name by your domain name).