Netgate Discussion Forum

DNS Rebind Attack generated when trying to connect to local hostname with static DHCP lease

DHCP and DNS
    ryanrozich
    last edited by Jan 31, 2023, 7:47 PM

    Hi there. I recently started getting "Potential DNS Rebind attack detected" errors for internal host names with static DHCP leases on my network. Can anyone help me with where I've gone wrong? From what I can tell I should have pfSense configured to resolve local hostnames - but I must have something misconfigured.

    I have my wireless AP configured with a static DHCP lease with the hostname wireless


    I am using DNS Resolver with both DHCP Registration and Static DHCP selected


    I also have DNS Query Forwarding turned on in the resolver and am using Cloudflare DNS over TLS


    In my System > General Setup I have Domain set to rozich.com as TLD for all local DNS


    So, when I try to connect to my wireless router (hostname: wireless) using wireless.rozich.com I would expect the DNS Resolver to route me to the IP address of the wireless router. However, I get a DNS Rebind error when I try to connect:


    SOME THINGS THAT I'VE TRIED
    A couple things that I tried (with no luck)

    Add custom options to DNS Resolver - added the internal TLD as a private-domain - this did not have any effect.


    Disable DNS Rebind Protection - I've even tried selecting Disable DNS Rebinding Checks under System > Advanced > Admin Access


    But when I disable the rebind check, wireless.rozich.com is taking me to the pfSense admin


    Furthermore, the static lease for wireless is the LAN address 192.168.100.1; but I can see in Chrome dev tools that wireless.rozich.com is resolving to the WAN IP address of pfSense??!


    Can anyone help here? For reference here is my setup:

