DNS Rebind Attack

[unsynaps]

Never thought I Would see this in my logs so soon after the feature was added.

Aug 25 17:51:58 dnsmasq[834]: possible DNS-rebind attack detected: 0gyenb54-db49a495be8262eeb3247dd76003d7580a90d4bf-mob.d.aa.online-metrix.net

I wonder how many times this was tried before I installed 384.6.

 

[sfx2000]

Never thought I Would see this in my logs so soon after the feature was added.

Sanitized for your protection - it's a warning in the log, and a fix that was put in to mitigate that threat to some degree..

 

[john9527]

If you are using dnscrypt, try selecting one of the cs-xxxx servers in the US (for example cs-uswest, etc). When I would use one of those, my syslog would fill with rebind attack msgs. One of the things that made me a bit leary of dnscrypt.

 

[sfx2000]

If you are using dnscrypt, try selecting one of the cs-xxxx servers in the US (for example cs-uswest, etc). When I would use one of those, my syslog would fill with rebind attack msgs. One of the things that made me a bit leary of dnscrypt.

Is DNScrypt turning into this kind of mess?

Was not supposed to be there...

 

[RMerlin]

The rebind protection was correct, this has nothing to do with DNSCrypt.

merlin@ubuntu-dev:~$ nslookup 0gyenb54-db49a495be8262eeb3247dd76003d7580a90d4bf-mob.d.aa.online-metrix.net
Server:        127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:    0gyenb54-db49a495be8262eeb3247dd76003d7580a90d4bf-mob.d.aa.online-metrix.net
Address: 127.0.0.1

 

[john9527]

The rebind protection was correct, this has nothing to do with DNSCrypt.

Didn't mean to imply that this error was related to DNSCrypt, just that I had a way to generate a lot of rebind errors.

I probably should have notified the author, but instead I went back and checked those servers every so often to see if anyone was 'minding the store'....it appears not.

 

[RMerlin]

Anyway, time to bury DNSCrypt IMHO now that the IETF has thrown their weight behind something.

 

[skeal]

Anyway, time to bury DNSCrypt IMHO now that the IETF has thrown their weight behind something.

I'm sorry what new technology are they supporting? Will it be an adopted as a protocol?

 

[RMerlin]

I'm sorry what new technology are they supporting? Will it be an adopted as a protocol?

DNS-over-TLS.

 

[DonnyJohnny]

I'm sorry what new technology are they supporting? Will it be an adopted as a protocol?

DOH? Google rallying behind? Lol...

 

[skeal]

DNS-over-TLS.

We need an installation script or Asus add support for it? Thanks my friend!

 

[john9527]

I'm sorry what new technology are they supporting? Will it be an adopted as a protocol?

DoT is currently an approved RFC....a DoH draft RFC is being worked.

 

[RMerlin]

We need an installation script or Asus add support for it? Thanks my friend!

https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-dns-over-tls-beta-closed.48115/

Requires a special daemon, and you also must use specific nameservers.

 

[sfx2000]

Anyway, time to bury DNSCrypt IMHO now that the IETF has thrown their weight behind something.

Yep - the DNSSEC is still valid, but the DNS-TLS seems to be getting good steam here and strong consensus... and for good reason.

DNS-Crypt - kicked to the curb by the IETF, and it's probably still very valid on the dark-web these days - some folks might need that I suppose for nefarious purposes...

Still remember catching some flack from proponents on the forum here when challenging the validity of DNS-Crypt and the issues behind it...