1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Is DNSrebind protection necessary when using Dnscrypt?

Discussion in 'Asuswrt-Merlin' started by dugaduga, Dec 19, 2018.

  1. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    Or is it redundant?

    Thanks!
     
  2. DonnyJohnny

    DonnyJohnny Very Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    659
    wrong question. Nothing to do with dnscrypt/doh/dot
    i think you referring to opendns dnsrebind protection. If other dns resolver do not have that feature then it is still necessary.
    In any case, it wouldn't take much resources with the rebinding protection. So i suggest to leave it on.
     
  3. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    So DNSrebind protection IS necessary when using Dnscrypt, unless the upstream resolver is already configured with rebind protection? exactly what I needed to know, thanks.

    No I am referring to Asuswrt rebind protection under lan/dhcp
     
  4. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    @DonnyJohnny - his question is unrelated to OpenDNS DNS Rebind protection available from their website dashboard. He is referring to feature built into latest Merlin firmware.

    @dugaduga I had same question and I don't believe its redundant. According to my syslogs DNS Rebind feature in latest firmware is actively blocking rebind attempts (though they're all false positives). But I do still wonder if it could interfere with DNSCrypt (I am using DoH).
     
    dugaduga likes this.
  5. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    Thank you @Zonkd, could you give me an example of the logs signifying rebinding blocks?
     
  6. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    dugaduga likes this.