I use ControlD for my DNS servers which return 0.0.0.0 for blocked domains so I've added the following to my dnsmasq configuration via the dnsmasq.conf.add file:
However, for some reason I keep getting the following messages in my logs every few seconds:
Nov 15 15:03:33 dnsmasq: possible DNS-rebind attack detected: multiscreen.samsung.com
Nov 15 15:03:35 dnsmasq: possible DNS-rebind attack detected: cdn.samsungcloudsolution.com
I don't get these log entries with any other blocked domains, so I'm thinking something strange is going on with these two domains, but I can't figure out what. If I run nslookup for these domains against the ControlD DNS server, they do indeed come back as 0.0.0.0, so it shouldn't be triggering a rebind warning, but it is. Is there any way to get more details from dnsmasq about why it thinks there is a DNS rebind attack? Or is there something else I could look into to try to get to the bottom of this?