DNS Rebind Attack generated when trying to connect to local hostname with static DHCP lease
Hi there. I recently started getting "Potential DNS Rebind attack detected" errors for internal host names with static DHCP leases on my network. Can anyone help me with where I've gone wrong? From what I can tell I should have pfsense configured to resolve local hostnames - but I must have something misconfigured.
I have my wireless AP configured with a static DHCP lease with the hostname wireless.
I am using DNS Resolver with both DHCP Registration and Static DHCP selected.
I also have DNS Query Forwarding turned on in the resolver and am using Cloudflare DNS over TLS.
In my System > General Setup I have Domain set to rozich.com as TLD for all local DNS.

So, when I try to connect to my wireless router (hostname: wireless) using wireless.rozich.com I would expect the DNS Resolver to route me to the IP address of the wireless router. However, I get a DNS Rebind error when I try to connect:
SOME THINGS THAT I'VE TRIED
A couple of things that I tried (with no luck):
Add custom options to DNS Resolver - added the internal TLD as a private-domain - this did not have any effect.
Disable DNS Rebind Protection - I've even tried selecting Disable DNS Rebinding Checks under System > Advanced > Admin Access.
But when I disable the rebind check, wireless.rozich.com takes me to the PFSense admin.
Furthermore, the static lease for wireless is the lan address 192.168.100.1; but I can see in chrome dev tools that wireless.rozich.com is resolving to the WAN IP Address of pfsense??!
Can anyone help here? For reference here is my setup: