Possible DNS-rebind attack detected: api64.com

liukuohao

Regular Contributor
Hi,

Should I be worried about this DNS-rebind attack?

2022-11-15_12-08-31.jpg


I could not find any information about api64.com

Except it is a legit website: whois lookup api64.com

Here are my WAN settings on DNS:

2022-11-15_12-19-33.jpg


Thank you.
 
You should disable DNS Rebind protection when using an upstream DNS service that blocks ad domains. The expected 0.0.0.0 response from AdGuard is considered a rebind attack to dnsmasq.

Disable “Forward local domain queries to upstream DNS” while you’re at it.
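
Added example, not part of the thread or of any project's code: a triage sketch for the warning in the thread title, separating a filtering resolver's 0.0.0.0 block response from an upstream answer that points into the LAN. The address ranges approximate what dnsmasq's rebind protection treats as private (an assumption), and the log lines, the answers and `cam.example.net` are constructed.

```python
import ipaddress
import re

# Assumption: approximates the private ranges rejected by dnsmasq's
# stop-dns-rebind check; not copied from dnsmasq's source.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
# Unspecified addresses that blocking resolvers return for filtered names.
SINKHOLES = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("::")}
REBIND_RE = re.compile(r"possible DNS-rebind attack detected: (\S+)", re.I)

def classify_answer(addr):
    """Return 'sinkhole', 'private' or 'public' for one resolved address."""
    ip = ipaddress.ip_address(addr)
    if ip in SINKHOLES:
        return "sinkhole"
    if any(ip.version == net.version and ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"

def triage(log_lines, upstream_answers):
    """Map each domain named in a rebind warning to a verdict string."""
    verdicts = {}
    for line in log_lines:
        m = REBIND_RE.search(line)
        if not m:
            continue
        domain = m.group(1).rstrip(".")
        kinds = {classify_answer(a) for a in upstream_answers.get(domain, [])}
        if "private" in kinds:
            verdicts[domain] = "investigate"  # upstream pointed at LAN/loopback
        elif kinds == {"sinkhole"}:
            verdicts[domain] = "benign-block"  # filtering resolver's block reply
        else:
            verdicts[domain] = "unknown"       # re-query upstream and compare
    return verdicts

# Constructed sample data: router log lines and the answers obtained by
# querying the upstream resolver directly for each flagged name.
SAMPLE_LOG = [
    "Nov 15 12:08:31 dnsmasq[1234]: possible DNS-rebind attack detected: api64.com",
    "Nov 15 12:09:02 dnsmasq[1234]: possible DNS-rebind attack detected: cam.example.net",
    "Nov 15 12:09:10 dnsmasq[1234]: query[A] example.org from 192.168.1.50",
]
SAMPLE_ANSWERS = {"api64.com": ["0.0.0.0"], "cam.example.net": ["192.168.1.20"]}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG, SAMPLE_ANSWERS).items():
        print(f"{name}: {verdict}")
```

dnsmasq's `rebind-domain-ok` option exempts a single domain from the check, which is narrower than turning the protection off.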
 
In other words, disable

A) Forward local domain queries to upstream DNS

or

B) DNS Rebind protection

am I right?

Or disable BOTH?
 
Few of us here would need to forward local domain queries upstream. How is an upstream server going to know about what's on your own network? (There are situations when this would be correct, but not usually for home users.)

Regards Rebind protection, the other solution is just to turn down the sensitivity in the general log! Unless something isn't working, do you need to know every decision the router takes? You can always turn the settings back up if you need to! So often in other forums, you see people getting so scared simply because of too much information that they then struggle to decode!
 
OK thanks, I have turned off both.

FYI, at one time, surfing the internet suddenly stopped.
My wife was listening to a YouTube song and it suddenly paused.
My camera view of 1 camera suddenly gets disconnected.
I am using Blue Iris to feed live camera viewing on my monitor,
Every time a camera gets disconnected means something or someone
changes the IP of the camera in Blue Iris and hence I lost the camera feed.
So as you can see, I am trying to find out whether my network was being compromised.
This led to this query about this DNS setting.
I am using the Network Service filter to deny all my cameras' internet traffic to ANY destination under the protocol: TCP & UDP.
 
You could just use the option in the Network Map client list to do that.

View attachment 45507
Yup, I had already done this at the very beginning.
In fact, I had both Block Internet Access = ON and......The network Service Filter is fully set up to deny traffic on TCP & UDP protocols.

I am not a network guru here, just a newbie.

I suspect the Chinese-made TP-LINK TL-WA1201 is trying to talk to the outside world, using DNS
over HTTPS, though I cannot prove it.

But again, I might be wrong here, since I blocked deny all protocols in Network Service Filter.

I am trying these new settings using Quad 9 DNS server to filter out the malicious websites.
It seems to be working.

I need to try it for about a couple of weeks to find out.

2022-11-16_13-04-56.jpg
 