What's new

Using next DNS: possible DNS attack rebind detected issue

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

kannanni

Occasional Visitor
Hi there,

Using latest Merlin on my ac68u

Managed to connect manually to nextdns via DoT using my nextdns ID

However my sysinfo is constantly flooded with errors: possible DNS rebind attack detected.. false positives
Screenshot_20200227-073411_Samsung Internet.jpg


This does not happen when using Google or Cloudflare..

Any cure to this without having to turn off DNS rebind protection from router?
 
Looks like nextdns is filtering ad sites for you. Your options are to disable it on their website, turn off rebind protection, or block the hosts on your router as well. They put their blocked hosts lists on their github if you want to take the third option, which you should be able to dump straight into diversion.
 
Not sure i am correct on this but think it has been a lot of issues when using NextDNS with DoT
Some options:
NextDNS with DoH is working well from DNSCrypt installer (how to)
NextDNS also have their own installer (DoH)for Asuswrt-Merlin
 
Not sure i am correct on this but think it has been a lot of issues when using NextDNS with DoT
Some options:
NextDNS with DoH is working well from DNSCrypt installer (how to)
NextDNS also have their own installer (DoH)for Asuswrt-Merlin
NextDNS does not work great with Stubby (used for DoT) indeed.

However, for this particular issue it should be enough to turn off "Enable DNS Rebind protection" in the router GUI.

(NextDNS already performs DNS Rebind protection on their servers for you)
 
NextDNS does not work great with Stubby (used for DoT) indeed.

However, for this particular issue it should be enough to turn off "Enable DNS Rebind protection" in the router GUI.

(NextDNS already performs DNS Rebind protection on their servers for you)


better to disable DNS rebind protection on the router or on the nextdns setup?
 
NextDNS does not work great with Stubby (used for DoT) indeed.

However, for this particular issue it should be enough to turn off "Enable DNS Rebind protection" in the router GUI.

(NextDNS already performs DNS Rebind protection on their servers for you)
(Basically, in a nutshell, they need the dns-stuffs from your router to be uninterrupted in order to manage it)
 
^^^ On your router, let nextdns do the work... IMHO.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top