Menu
What's new
By:
Filters Better Search

Solved DNS Rebind Attack Message For Only Two Domains

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

H

HarryMuscle

Senior Member
I use ControlD for my DNS servers which return 0.0.0.0 for blocked domains so I've added the following to my dnsmasq configuration via the dnsmasq.conf.add file:
Code: 
bogus-nxdomain=0.0.0.0
however, for some reason I keep getting the following messages in my logs every few seconds:
Code: 
Nov 15 15:03:33 dnsmasq[2721]: possible DNS-rebind attack detected: multiscreen.samsung.com
Nov 15 15:03:35 dnsmasq[2721]: possible DNS-rebind attack detected: cdn.samsungcloudsolution.com
I don't get these log entries with any other blocked domains so I'm thinking something strange is going on with these two domains but I can't figure out what. If I run nslookup for these domains against the ControlD DNS server they do indeed come back as 0.0.0.0 so it shouldn't be triggering a rebind warning but it is. Is there any way to get more details from dnsmasq about why it thinks there is a DNS rebind attack? Or is there something else I could look into to try to get to the bottom of this?

Thanks,
Harry
 
Turns out I also needed to add this to the dnsmasq.conf.add file
Code: 
bogus-nxdomain=::
even though I have IPv6 disabled adding this fixed the issue above. I'll leave this here in case anyone else comes across a similar problem.

Thanks,
Harry
 
HarryMuscle said:
Turns out I also needed to add this to the dnsmasq.conf.add file
Code: 
bogus-nxdomain=::
even though I have IPv6 disabled adding this fixed the issue above. I'll leave this here in case anyone else comes across a similar problem.

Thanks,
Harry
Click to expand...
You might want to add “[SOLVED]” to the start of the title so that anyone looking for an answer in future - which you’ve kindly given - can instantly home in on your topic.
 
You probably want to disable rebind protection if you’re using a filtering DNS provider. Otherwise, you will eventually see more blocked domains give the same warning message.
 
You can also resolve this by using this statement:

Code: 
echo "rebind-domain-ok=/plex.direct/" >> /jffs/configs/dnsmasq.conf.add
service restart_dnsmasq
 
You must log in or register to reply here.

Similar threads

TanyaC
Possible DNS-Rebind attack detected and unresponsive router plus one more
Replies
3
Views
696
TanyaC
TanyaC
H
NXDOMAIN DNS Results Flagged As "Possible DNS-rebind attack detected" In Log
Replies
5
Views
900
HarryMuscle
H
J
possible DNS-rebind attack detected
Replies
9
Views
3K
sfx2000
sfx2000
E
Firmware/Router Causes Excessive and Unwanted DNS Queries to www.wordpress.com
2
Replies
20
Views
1K
ColinTaylor
C
CaptnDanLKW
Updated my DNS Settings - DoT implications and DNS Rebind Attack message
Replies
12
Views
4K
Treadler
Treadler
Similar threads
Thread starter Title Forum Replies Date
TanyaC Possible DNS-Rebind attack detected and unresponsive router plus one more Asuswrt-Merlin 3
T Using DOT DNS breaks ECS Asuswrt-Merlin 9
pdc Router DNS returning Refused Asuswrt-Merlin 2
C Need help with GT-AXE11000 and DNS Director Asuswrt-Merlin 0
V DNS server vs DNS-over TLS server list Asuswrt-Merlin 3
R Would any of this make my browsing more secure? (WAN DNS settings) Asuswrt-Merlin 20
A DNS/TLS IPv6. Asuswrt-Merlin 4
X DNS Director - question Asuswrt-Merlin 6
X RT-AX58U sudden DNS problem - URGENT Asuswrt-Merlin 14
P Solved Router DHCP and DNS not responding to changes Asuswrt-Merlin 35

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 994 (members: 24, guests: 970)
Top