Getting Potential DNS Rebind attack when accessing the public IP of a web server



  • I have tried many of the things I found when searching the DNS rebind error along with pfSense.
    We are using 2.2.5.
    Have the public IP forwarding to a web server sitting on the LAN. Microsoft a-d and 2012 web server.
    When anyone outside goes to the web address t works fine.
    When a user at the local LAN goes to the web address they get the Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/dns_rebinding. Try accessing the router by IP address instead of by hostname.

    I am not trying to address the router, I am trying to address the webserver.

    I checked the disable DNS binding checks and it then pulls up the router webgui when hitting the public IP.

    Not using DNS on the router so setting the rebind-domain-ok  command in the dns forwarder and private domain in the resolver didn't do anything.
    I also tried enabling them both with the settings and it made no difference.

    Any other suggestions?
    Thanks.



  • I retried a couple of things and this time it worked.
    I do not like it when things work sometimes and not others, but oh well.
    Anyways, created a DNS forwarder zone to the web address and the internal clients now leave the router alone.
    Thanks



  • You don't want to disable that. Split DNS, or NAT reflection, is what you want.
    read the bottom of:
    https://doc.pfsense.org/index.php/DNS_Rebinding_Protections