What's new

NXDOMAIN DNS Results Flagged As "Possible DNS-rebind attack detected" In Log

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


Senior Member
I'm using ControlD DNS servers to block ads and I have Enable DNS Rebind Protection set to Yes on the WAN page, however, whenever a blocked domain gets queried (which ControlD returns NXDOMAIN for) I get the following message in my logs:

DATE dnsmasq[1729]: possible DNS-rebind attack detected: domain.com

Is there a way to quiet these incorrect log messages? Or better yet fix the problem, since a NXDOMAIN DNS result isn't a rebind attack?

Or it returns which is considered a rebind attack and dnsmasq is subsequently returning NXDOMAIN to you.
# dig ad.doubleclick.net @

; <<>> DiG 9.18.10 <<>> ad.doubleclick.net @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43392
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;ad.doubleclick.net.            IN      A

ad.doubleclick.net.     60      IN      A

;; Query time: 29 msec
;; WHEN: Wed Jan 11 21:17:47 EST 2023
;; MSG SIZE  rcvd: 52
Best to disable rebind protection if using an ad-blocking DNS service upstream.
Wouldn't it be a whole lot easier to just run Diversion or a Pi with Pi-Hole?
Are you sure it's returning NXDOMAIN? That wouldn't normally generate a rebind message. There was a recent discussion about NextDNS returning for blocked domains which will trigger a rebind warning.

Turns out the bogus-nxdomain configuration entry mentioned in that thread solved the issue. So I guess they do return instead of NXDONAIN like they (or someone somewhere when I Googled) claim.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!