What's new

Solved DNS Rebind Attack Message For Only Two Domains

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

HarryMuscle

Senior Member
I use ControlD for my DNS servers which return 0.0.0.0 for blocked domains so I've added the following to my dnsmasq configuration via the dnsmasq.conf.add file:
Code:
bogus-nxdomain=0.0.0.0
however, for some reason I keep getting the following messages in my logs every few seconds:
Code:
Nov 15 15:03:33 dnsmasq[2721]: possible DNS-rebind attack detected: multiscreen.samsung.com
Nov 15 15:03:35 dnsmasq[2721]: possible DNS-rebind attack detected: cdn.samsungcloudsolution.com
I don't get these log entries with any other blocked domains so I'm thinking something strange is going on with these two domains but I can't figure out what. If I run nslookup for these domains against the ControlD DNS server they do indeed come back as 0.0.0.0 so it shouldn't be triggering a rebind warning but it is. Is there any way to get more details from dnsmasq about why it thinks there is a DNS rebind attack? Or is there something else I could look into to try to get to the bottom of this?

Thanks,
Harry
 
Turns out I also needed to add this to the dnsmasq.conf.add file
Code:
bogus-nxdomain=::
even though I have IPv6 disabled adding this fixed the issue above. I'll leave this here in case anyone else comes across a similar problem.

Thanks,
Harry
 
Turns out I also needed to add this to the dnsmasq.conf.add file
Code:
bogus-nxdomain=::
even though I have IPv6 disabled adding this fixed the issue above. I'll leave this here in case anyone else comes across a similar problem.

Thanks,
Harry
You might want to add “[SOLVED]” to the start of the title so that anyone looking for an answer in future - which you’ve kindly given - can instantly home in on your topic.
 
You probably want to disable rebind protection if you’re using a filtering DNS provider. Otherwise, you will eventually see more blocked domains give the same warning message.
 
You can also resolve this by using this statement:

Code:
echo "rebind-domain-ok=/plex.direct/" >> /jffs/configs/dnsmasq.conf.add
service restart_dnsmasq
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top