Is DNSrebind protection necessary when using Dnscrypt?

[dugaduga]

Or is it redundant?

Thanks!

 

[DonnyJohnny]

wrong question. Nothing to do with dnscrypt/doh/dot
i think you referring to opendns dnsrebind protection. If other dns resolver do not have that feature then it is still necessary.
In any case, it wouldn't take much resources with the rebinding protection. So i suggest to leave it on.

 

[dugaduga]

So DNSrebind protection IS necessary when using Dnscrypt, unless the upstream resolver is already configured with rebind protection? exactly what I needed to know, thanks.

No I am referring to Asuswrt rebind protection under lan/dhcp

 

[Zonkd]

wrong question. Nothing to do with dnscrypt/doh/dot
i think you referring to opendns dnsrebind protection. If other dns resolver do not have that feature then it is still necessary.
In any case, it wouldn't take much resources with the rebinding protection. So i suggest to leave it on.

@DonnyJohnny - his question is unrelated to OpenDNS DNS Rebind protection available from their website dashboard. He is referring to feature built into latest Merlin firmware.

@dugaduga I had same question and I don't believe its redundant. According to my syslogs DNS Rebind feature in latest firmware is actively blocking rebind attempts (though they're all false positives). But I do still wonder if it could interfere with DNSCrypt (I am using DoH).

 

[dugaduga]

Thank you @Zonkd, could you give me an example of the logs signifying rebinding blocks?

 

[Zonkd]

Thank you @Zonkd, could you give me an example of the logs signifying rebinding blocks?

Take a look at this thread https://www.snbforums.com/threads/share-possible-dns-rebind-logs.48595/