My router false positively detects DNS-rebind attack

I have a router running the latest version of Advanced Tomato. Attempting to access a server on my home network (the same network as the router in question), by using my domain name (as opposed to my IP address) fails and I get the following warning in my router logs:

Jun 19 20:45:13 unknown daemon.warn dnsmasq[3844]: possible DNS-rebind attack detected: <domain_name>

Disabling DNS-rebind protection in the router fixes the problem. Is there anything I can do to fix this problem without disabling DNS-rebind protection?

3

1 Answer

Your Tomato router is using dnsmaq for resolving DNS queries (actually to forward them to a resolver, but don't mind me).

dnsmasq has a built in protection which you find out. It forbid upstreams resolver to return private IP addresses. You can however fix that only for your use case by using one the --rebind-* option in dnsmasq (see man page), excerpt:

--rebind-localhost-ok Exempt 127.0.0.0/8 from rebinding checks. This address range is returned by realtime black hole servers, so blocking it may disable
these services.
--rebind-domain-ok=[<domain>]|[[/<domain>/[<domain>/] Do not detect and block dns-rebind on queries to these domains. The argument may be either a single domain, or multiple domains
surrounded by '/', like the --server syntax, eg.
--rebind-domain-ok=/domain1/domain2/domain3/

In your case, you might want to consider the option --rebind-domain-ok=/domain_name/ (replace domain_name by your domain name).

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like