Netgate Discussion Forum

    DNS Rebind Attack

    DHCP and DNS
      Ipeek

      So before I get started I will say I've googled and looked through the forums and did not quite find what I was looking for. Sorry if this seems like a rehash of an old problem.

      Background:

      Previously had a Windows server running DNS/DHCP. Had to get rid of it. Built a new DNS server using PowerDNS. Attempted to run DHCP on it as well but ran out of time and decided that pfSense (our main firewall) should run the DHCP. All has been well until yesterday… Yesterday and today a few of my users have been reporting that when they try and access the mail server (mail.mydomain.com) they get the DNS Rebind Attack page from pfSense.

      I've gone in and checked the Disable DNS rebind protection but to no avail. After doing so I try and load the mail.mydomain.com and it brings me to a pfSense login page.

      DNS:

      Now I've had to rebuild the DNS server based on someone else's work. So here is how it sort of looks pertaining to the mail server:

      mail.mydomain.com CNAME zimbra.server.hq.mydomain.com
      mail0.mydomain.com CNAME zimbra.server.hq.mydomain.com
      smtp.mydomain.com CNAME zimbra.server.hq.mydomain.com
      zimbra.mydomain.com CNAME zimbra.server.hq.mydomain.com
      zimbra.server.hq.mydomain.com A 192.168.2.241
      mydomain.com MX zimbra.server.hq.mydomain.com

      I've got NO idea why it was set up this way (the naming convention) but that's how it looks.

      Zimbra.mydomain.com works just fine as well as the others (from what I can tell). Now the mail.mydomain.com is how we view mail outside of the network and that works just fine. I just can't seem to figure out why this is happening.

      On one of my users I set the static information and the page loads fine. Turned it back to DHCP and rebooted and it still loads fine. Tried this on another user and either the page fails to load or it gives the DNS rebind page.

      pfSense Setup:

      General Setup > DNS Servers
      192.168.2.2(internal) No gateway set
      97.x.x.x(ISP) No gateway set
      71.x.x.x(ISP) No gateway set

      Allow DNS server list to be overridden by DHCP/PPP on WAN

      Do not use the DNS forwarder as a DNS server for the firewall

      Services > DNS Forwarder

      Enable DNS forwarder

      Register DHCP leases

      Register DHCP static mappings

      Service > DHCP Server > LAN tab(.2 network)

      Enable

      Pools 2.10 to 2.245
      DNS Servers

      • 192.168.2.2
      • 8.8.8.8

      END

      -------------------

      Thanks in advance!
