Getting Potential DNS Rebind attack when accessing the public IP of a web server
-
I have tried many of the things I found when searching the DNS rebind error along with pfSense.
We are using 2.2.5.
Have the public IP forwarding to a web server sitting on the LAN. Microsoft a-d and 2012 web server.
When anyone outside goes to the web address t works fine.
When a user at the local LAN goes to the web address they get the Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/dns_rebinding. Try accessing the router by IP address instead of by hostname.I am not trying to address the router, I am trying to address the webserver.
I checked the disable DNS binding checks and it then pulls up the router webgui when hitting the public IP.
Not using DNS on the router so setting the rebind-domain-ok command in the dns forwarder and private domain in the resolver didn't do anything.
I also tried enabling them both with the settings and it made no difference.Any other suggestions?
Thanks. -
I retried a couple of things and this time it worked.
I do not like it when things work sometimes and not others, but oh well.
Anyways, created a DNS forwarder zone to the web address and the internal clients now leave the router alone.
Thanks -
You don't want to disable that. Split DNS, or NAT reflection, is what you want.
read the bottom of:
https://doc.pfsense.org/index.php/DNS_Rebinding_Protections