Netgate Discussion Forum

    Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding Try accessing the router by IP address instead of by hostname.

    DHCP and DNS

    • koy

      Hi Professionals,

      I have a website hosted on my personal server, and I was able to access it from outside my network before.

      My problem is that when I installed pfSense and used a static IP address, my website can't be reached on my newly installed pfSense.
      This is the error message: "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
      Try accessing the router by IP address instead of by hostname.".

      I can still access my website from other networks; only my pfSense has a problem.

      Has anyone encountered this before?

      Thank you

      • rcoleman-netgate Netgate @koy

        @koy said in Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding Try accessing the router by IP address instead of by hostname.:

        Has anyone encountered this before?

        Hundreds of times.

        You are using the same port (443?) for both pfSense and the behind-the-router webserver?

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        • SteveITS Galactic Empire @koy

          @koy https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html#dns-rebind-check

          Sounds like you are allowing access to your WAN IP (pfSense) instead of NAT forwarding port 443 to your web server.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • koy @rcoleman-netgate

            @rcoleman-netgate Hi, thanks for your response.

            Yes, I used 443, but the other is on a Fortinet firewall. The static IP I connected to my pfSense was originally on the FortiGate, because I have dual WAN on my FortiGate and I pulled out one ISP and connected it to my newly installed pfSense.

            Can you help me fix this problem?

            Thank you

            • koy @rcoleman-netgate

              @rcoleman-netgate Hi, thank you for your response.

              Yes, I allowed access to my WAN IPs, but not in pfSense.

              I have a FortiGate firewall with dual WAN (2 ISPs), and I allowed 443 access on both (for redundancy) for my web server.

              So I set up a new pfSense and pulled out 1 ISP to connect to my pfSense. After that the problem came. I have a basic configuration on my pfSense; I don't have any port forwarding or NAT config yet.

              Can you help me fix my problem?

              Thank you

              • SteveITS Galactic Empire @koy

                @koy Are you trying to connect to your WAN IP port 443 from LAN? If so you need to enable Reflection on the NAT rule. Otherwise you'll connect to the pfSense web server, and see that message. Or use Split DNS instead.

                https://docs.netgate.com/pfsense/en/latest/nat/reflection.html


                1 Reply Last reply Reply Quote 0
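
A simplified model of the Host-header check behind the message in this thread, added here as an example; it is not part of any post and is not pfSense's own code. It assumes the GUI accepts IP literals and its own configured names and rejects every other hostname; the names and addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample values (documentation ranges, not from the thread).
OWN_NAMES = ["fw.home.arpa", "fw"]           # assumed firewall hostname + alternate
SAMPLE_HOSTS = [
    "www.example.com",       # public site name that resolves to the WAN IP
    "203.0.113.10",          # WAN IP typed directly
    "fw.home.arpa:443",      # firewall's own name with a port
    "FW.home.arpa.",         # same name, different case, trailing root dot
    "[2001:db8::1]:443",     # bracketed IPv6 literal
    "[2001:db8::1",          # malformed header
]

def split_host(host_header):
    """Return the host part of a Host header: lowercased, no port, no root dot."""
    h = host_header.strip().lower()
    if h.startswith("["):                     # bracketed IPv6, optional :port
        end = h.find("]")
        return h[1:end] if end != -1 else ""  # unterminated bracket: reject
    if h.count(":") == 1:                     # name:port or IPv4:port
        h = h.split(":", 1)[0]
    return h.rstrip(".")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def gui_allows(host_header, own_names=OWN_NAMES):
    """True if the management GUI should serve a request with this Host header."""
    host = split_host(host_header)
    if not host:
        return False
    if is_ip_literal(host):                   # "access the router by IP address"
        return True
    allowed = {n.lower().rstrip(".") for n in own_names}
    return host in allowed                    # any other name is treated as a rebind

def classify(hosts=SAMPLE_HOSTS):
    return {h: gui_allows(h) for h in hosts}

if __name__ == "__main__":
    for host, ok in classify().items():
        print(f"{host:22} -> {'served' if ok else 'Potential DNS Rebind attack detected'}")
```

In the situation described in the thread, the website's name resolves to the WAN IP and, with no port forward in place, the request lands on the firewall GUI and falls into the rejected case. The NAT port forward with reflection or Split DNS suggested above keeps that name from reaching the GUI at all.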
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.