Netgate Discussion Forum

    Weird DNS rebind issue - Chrome/Brave go to the wrong host. Firefox works fine.

    General pfSense Questions
    22 Posts 3 Posters 3.3k Views
    • pfstyro @pfstyro

      @pfstyro No - as I had tried to use private/incognito sessions before I didn't really expect that to work.

      Just for good measure - I wiped all browsing data and cookies from both Chrome and Brave - just in case they cross talked.

      • pfstyro @johnpoz

        @johnpoz Yes, it now seems it isn't pfSense - you are quite right. I will go check the idea of an appended domain name. I doubt it - but maybe it has corrupted and gotten in. Thanks

        Sorry for the slow reply - had to wait 120 seconds :-)

        • stephenw10 Netgate Administrator

          Yup seeing queries for ABC.mydomain.net.mydomain.net is disappointingly common!

          • pfstyro @stephenw10

            @stephenw10 Well, I set the Windows PC as a fixed IP and the problem disappeared. I thought I had done that before. Windows keeps messing about with things like that at update time - I hate it but need it for some specific apps.

            Anyway, I obviously have a DNS settings error in my pfSense. Will go hunt for that now.

            Thank you for the help. Sometimes you can get so caught up in what you have done and what you think you have done you get lost. Sorry to have wasted your time.

            • johnpoz LAYER 8 Global Moderator @pfstyro

              @pfstyro well the trick here is figuring out why whatever fqdn you're trying to access is going to the pfSense IP..

              These browser makers try and use DoH these days, even when you don't want them to - it's the default.. So it's possible DoH, as already mentioned, is returning maybe your public IP for whatever domain you're trying to look up.. Could you PM the fqdn you're trying to access, and I can see what the public internet DNS says about it, and report back to you via PM.. If you're hitting the pfSense WAN IP via a fqdn it is not aware of - you would get the same error..

              So I pointed my test fqdn to my public IP, and then flushed my local DNS cache and browser cache.. And if I hit even my public IP in my browser I get the rebind error - because the fqdn trying to be accessed is not a name pfSense is aware of.

              ;; QUESTION SECTION:
              ;zzz.testrebind.com.            IN      A
              
              ;; ANSWER SECTION:
              zzz.testrebind.com.     3550    IN      A       64.53.x.x
              

              As to finding out what exactly your client is asking for - and validating it's actually asking unbound on pfSense.. that is to turn on logging of unbound queries.

              server:
              log-queries: yes
              

              In the unbound custom box..

              Better would be prob just sniff on pfSense for your host IP and DNS, and then flush all the caching and try to access again.. Then you would see the query, and the response, etc..

              09:22:16.708113 00:13:3b:2f:67:62 > 00:08:a2:0c:e6:24, ethertype IPv4 (0x0800), length 101: (tos 0x0, ttl 128, id 13061, offset 0, flags [none], proto UDP (17), length 87)
                  192.168.9.100.58718 > 192.168.9.253.53: [udp sum ok] 17672+ [1au] A? zzz.testrebind.com. ar: . OPT UDPsize=4096 (59)
              09:22:16.708379 00:08:a2:0c:e6:24 > 00:13:3b:2f:67:62, ethertype IPv4 (0x0800), length 105: (tos 0x0, ttl 64, id 3277, offset 0, flags [none], proto UDP (17), length 91)
                  192.168.9.253.53 > 192.168.9.100.58718: [bad udp cksum 0x950a -> 0x25de!] 17672* q: A? zzz.testrebind.com. 1/0/1 zzz.testrebind.com. A 64.53.x.x ar: . OPT UDPsize=4096 (63)
              

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

              • pfstyro @johnpoz
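As an added example (not code from the thread or from pfSense), here is a small Python script that reads unbound's query log (the lines produced by the `log-queries: yes` option johnpoz describes above) and flags the doubled search-suffix names stephenw10 mentions earlier, such as ABC.mydomain.net.mydomain.net, grouped by the client that asked. The log line layout and the sample log lines are constructed for this example.

```python
"""Scan unbound query-log lines for names with a doubled DNS search suffix."""
import re
from collections import defaultdict

# Assumed layout of an unbound "log-queries: yes" line:
#   <timestamp> unbound[pid:0] info: <client-ip> <qname> <qtype> <qclass>
LOG_RE = re.compile(
    r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)$"
)


def parse_query(line):
    """Return (client, qname, qtype) for a query-log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("qname").rstrip(".").lower(), m.group("qtype")


def doubled_suffix(qname, suffix):
    """True when the search suffix was appended twice, e.g. abc.x.net.x.net for x.net."""
    s = suffix.strip(".").lower()
    twice = s + "." + s
    return qname == twice or qname.endswith("." + twice)


def scan(lines, suffix):
    """Map each client IP to the doubled-suffix names it asked unbound for."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        client, qname, _ = parsed
        if doubled_suffix(qname, suffix):
            hits[client].append(qname)
    return dict(hits)


# Constructed sample log lines (not captured from the thread's systems).
SAMPLE_LOG = """\
Jan 01 09:22:16 unbound[1234:0] info: 192.168.9.100 abc.mydomain.net.mydomain.net. A IN
Jan 01 09:22:16 unbound[1234:0] info: 192.168.9.100 abc.mydomain.net. A IN
Jan 01 09:22:17 unbound[1234:0] info: 192.168.9.101 www.example.com. A IN
Jan 01 09:22:18 unbound[1234:0] info: 192.168.9.100 nas.mydomain.net.mydomain.net. AAAA IN
""".splitlines()

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG, "mydomain.net").items():
        print(client, sorted(set(names)))
```

A client that shows up here is appending its search domain to a name that is already fully qualified, which is the pattern to chase on that host rather than in pfSense.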

                @johnpoz
                Thanks, I'll have a look at that - but I think it might have been something simple.

                Can you confirm, does 127.0.0.1 have to be explicitly specified in the DNS list for it to use that as the default when using DHCP for an IP address etc?

                If so, that was my problem - missing 127.0.0.1 in the DNS list. Added that and it worked from there.

                I also tried the hostname from my mobile after your last message (I think I'd done that before anyway) and that just returns a host can't be reached message as expected.

                • johnpoz LAYER 8 Global Moderator @pfstyro

                  @pfstyro said in Weird DNS rebind issue - Chrome/Brave go to the wrong host. Firefox works fine.:

                  does 127.0.0.1 have to be explicitly specified in the DNS list for it to use that as the default when using DHCP for an IP address etc?

                  huh? You would not set loopback address 127.0.0.1 anywhere in the dhcp settings. If you handed out 127.0.0.1 to a dhcp client for dns - it would just ask itself.

                  127.0.0.1 is the address of the localhost, it always and can only ever tell the host to talk to itself.. That would never be listed in dhcp for dns - unless you wanted to break dns ;)

                  Now pfsense would ask itself, ie using 127.0.0.1 when IT wants to resolve something, ie it would ask unbound via that IP (itself).. But that would have zero to do with what a client would ask or resolve.

                  • stephenw10 Netgate Administrator @pfstyro

                    @pfstyro said in Weird DNS rebind issue - Chrome/Brave go to the wrong host. Firefox works fine.:

                    does 127.0.0.1 have to be explicitly specified in the DNS list for it to use that as the default when using DHCP for an IP address etc?

                    For pfSense itself? No it doesn't. And in fact it can cause problems doing so.

                    To DHCP clients? Also no.

                    I suspect re-saving that applied (or re-applied) some setting to Unbound.

                    Steve

                    • pfstyro @johnpoz

                      @johnpoz Well, yes, I know it is the loopback.

                      Here is the thing.
                      When I set the DNS manually on the Windows PC to the pfSense IP address, the problematic page worked, but accessing the pfSense webGUI page reported a rebind attack.

                      I then added the loopback to the DNS list in System>General Settings (DNS Servers section). It apparently then all began to work fine.

                      Now I am even more confused.

                      • pfstyro @stephenw10

                        @stephenw10
                        Yes, I think that must have been where the corruption was - I removed it and it is all working properly now.
