What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DNS Rebind Protection - on or off?

S

SkippyP

Regular Contributor
Hello. If using an upstream resolver that already has rebind protection, is it of any value to also keep it enabled on the router? Any harm in keeping it enabled? Does it add significant overhead?
 
You may have it enabled, it won't affect the router's performance in any noticeable way, but you may also get warning messages in system log about possible rebind attack when upstream filtering DNS service blocks something and returns 0.0.0.0 address.
 
Thanks. That’s fine and I’ll keep it enabled. Warning messages in the system log don’t bother me. :)
 
You are perhaps using DoT and filtering upstream DNS resolver. You can keep all three options above "Prevent client auto DoH" to default Disabled state. Keep it simple. Folks like to turn things on/off even when no change is needed just because the option is available.
 
Thanks again. Yes, I’m using DoT to an upstream resolver with filtering (malware protection). The only one enabled is Rebind Protection. The other two settings are disabled. If there’s no harm and no overhead with Rebind Protection, I’ll just leave it enabled.
 
Last edited:
SkippyP said:
Thanks again. Yes, I’m using DoT to an upstream resolver with filtering (malware protection). The only one enabled is Rebind Protection. The other two settings are disabled. If there’s no harm and no overhead with Rebind Protection, I’ll just leave it enabled.
Click to expand...
I've had the Rebind Protection active for years and have never seen any problems. Log fooding has never happened to me, just an occasional message (once or twice a day).
But, to be fair, every connected device is mine and is set up by me, and the messages are only caused by IoT devices that I have only limited control over. As always, ymmv
 
You must log in or register to reply here.

Similar threads

E
Rt-ac68u with Reolink doorbell rebind attack.
Replies
17
Views
1K
eastavin
E
S
AdguardHome + Unbound on Pi4 Correct DNS settings
Replies
6
Views
2K
sammyano
S
B
Control D DNS and possible DNS-rebind attacks
2
Replies
23
Views
1K
sfx2000
sfx2000
H
Solved DNS Rebind Attack Message For Only Two Domains
Replies
4
Views
3K
Viktor Jaep
Viktor Jaep
TanyaC
Possible DNS-Rebind attack detected and unresponsive router plus one more
Replies
3
Views
2K
TanyaC
TanyaC
Similar threads
Thread starter Title Forum Replies Date
H DNS-rebind attack detected: farm.plista.com. etc...?? Asuswrt-Merlin 3
M DNS masq related question Asuswrt-Merlin 22
M Using Mullvad Wireguard VPN with custom DNS Asuswrt-Merlin 3
VeloxNEx GT-BE98 pro DNS Director issue with my pihole? Asuswrt-Merlin 14
K Advertise router's IP in addition to user-specified DNS Asuswrt-Merlin 2
F AGH DNS Director problem Asuswrt-Merlin 12
R Guest Network Pro in FW 3006 - different default DNS Server than in FW 3004? Asuswrt-Merlin 5
R RT-BE88U DNS-over TLS Asuswrt-Merlin 39
M DNS server - order of access Asuswrt-Merlin 13
S Solved [3006.102.4] wireguard client no lan dns resolving? Asuswrt-Merlin 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 2,013 (members: 42, guests: 1,971)
Back
Top