Menu
What's new
By:
Filters Better Search

NXDOMAIN DNS Results Flagged As "Possible DNS-rebind attack detected" In Log

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

H

HarryMuscle

Senior Member
I'm using ControlD DNS servers to block ads and I have Enable DNS Rebind Protection set to Yes on the WAN page, however, whenever a blocked domain gets queried (which ControlD returns NXDOMAIN for) I get the following message in my logs:

DATE dnsmasq[1729]: possible DNS-rebind attack detected: domain.com

Is there a way to quiet these incorrect log messages? Or better yet fix the problem, since a NXDOMAIN DNS result isn't a rebind attack?

Thanks,
Harry
 
Or it returns 0.0.0.0 which is considered a rebind attack and dnsmasq is subsequently returning NXDOMAIN to you.
Code: 
# dig ad.doubleclick.net @76.76.2.2

; <<>> DiG 9.18.10 <<>> ad.doubleclick.net @76.76.2.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43392
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ad.doubleclick.net.            IN      A

;; ANSWER SECTION:
ad.doubleclick.net.     60      IN      A       0.0.0.0

;; Query time: 29 msec
;; SERVER: 76.76.2.2#53(76.76.2.2) (UDP)
;; WHEN: Wed Jan 11 21:17:47 EST 2023
;; MSG SIZE  rcvd: 52
Best to disable rebind protection if using an ad-blocking DNS service upstream.
 
Wouldn't it be a whole lot easier to just run Diversion or a Pi with Pi-Hole?
 
ColinTaylor said:
Are you sure it's returning NXDOMAIN? That wouldn't normally generate a rebind message. There was a recent discussion about NextDNS returning 0.0.0.0 for blocked domains which will trigger a rebind warning.

https://www.snbforums.com/threads/m...ter-decide-which-one-to-use.82014/post-804869
Click to expand...
Turns out the bogus-nxdomain configuration entry mentioned in that thread solved the issue. So I guess they do return 0.0.0.0 instead of NXDONAIN like they (or someone somewhere when I Googled) claim.
 
You must log in or register to reply here.

Similar threads

H
Solved DNS Rebind Attack Message For Only Two Domains
Replies
4
Views
660
Viktor Jaep
Viktor Jaep
TanyaC
Possible DNS-Rebind attack detected and unresponsive router plus one more
Replies
3
Views
681
TanyaC
TanyaC
J
possible DNS-rebind attack detected
Replies
9
Views
3K
sfx2000
sfx2000
L
Possible DNS-rebind attack detected: api64.com
Replies
6
Views
2K
liukuohao
L
CaptnDanLKW
Updated my DNS Settings - DoT implications and DNS Rebind Attack message
Replies
12
Views
4K
Treadler
Treadler
Similar threads
Thread starter Title Forum Replies Date
icanfly custom domains report NXDOMAIN for IPv6 DNS and fail to resolve in Alpine OS Asuswrt-Merlin 2
url004 NXDOMAIN on server but the router can resolve queries Asuswrt-Merlin 1
T Using DOT DNS breaks ECS Asuswrt-Merlin 9
pdc Router DNS returning Refused Asuswrt-Merlin 2
C Need help with GT-AXE11000 and DNS Director Asuswrt-Merlin 0
V DNS server vs DNS-over TLS server list Asuswrt-Merlin 3
R Would any of this make my browsing more secure? (WAN DNS settings) Asuswrt-Merlin 20
A DNS/TLS IPv6. Asuswrt-Merlin 4
X DNS Director - question Asuswrt-Merlin 6
X RT-AX58U sudden DNS problem - URGENT Asuswrt-Merlin 14

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 743 (members: 37, guests: 706)
Top