Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Potential DNS Rebind Attack detected…

    Scheduled Pinned Locked Moved DHCP and DNS
    6 Posts 2 Posters 19.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      user000001
      last edited by

      When I use the hostname of the machine (https://(hostname):port) I get the message "Potential DNS Rebind attack detected, see (wikipedia page) Try accessing the router by IP address instead of by hostname" I did as has been suggested and checked the box to "Disable DNS Rebinding checks" under System->Advanced but I get the same error message. Accessing the web Configurator by IP works but I would like to be able to use the hostname. I am using 2.0-RC3 (i386) Built on Tue Aug 30 01:55:03 EDT 2011. Thanks.

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        Is the pfSense hostname the same as the hostname by which you are trying to access it through the browser?

        1 Reply Last reply Reply Quote 0
        • U
          user000001
          last edited by

          Yes. I've tried the hostname by itself and with the full domain name.

          I think it's a bug because it shouldn't give me that page with both "Disable webConfigurator redirect rule" and "Disable DNS Rebinding Checks" checked off. Has anyone else dealt with this problem?

          1 Reply Last reply Reply Quote 0
          • W
            wallabybob
            last edited by

            @user000001:

            Yes. I've tried the hostname by itself and with the full domain name.

            That wasn't what I meant.  I suspect there is an inconsistency between what pfSense thinks its hostname is AND the hostname you use to access it. For example, my pfSense box is configured with hostname pfsense and if I access it by pointing the web browser to pfsense all is fine. If I add an alias to my local DNS so pfsense1 maps to same IP address as pfSense and I attempt to access my pfSense box by pointing the web browser to pfsense1 then the browser reports: Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
            Try accessing the router by IP address instead of by hostname.

            Perhaps you have changed the pfSense hostname (and domain?) "recently" but haven't done enough to get everything correctly reinitialised. For example, it MIGHT be necessary to restart the web configurator or even reboot after changing the pfSense hostname (or domain).

            @user000001:

            I think it's a bug because it shouldn't give me that page with both "Disable webConfigurator redirect rule" and "Disable DNS Rebinding Checks" checked off. Has anyone else dealt with this problem?

            It MIGHT be necessary to restart the Web Configuration (from console menu) or even reboot for these changes to take effect.

            1 Reply Last reply Reply Quote 0
            • U
              user000001
              last edited by

              I knew what you meant but my reply came out wrong. I rebooted the machine after making changes. The actual hostname of the machine is what I'm using in the browser. For example https://pfsense.localdomain:port (with the hostname.domain replacing the default and adding a port) I also changed the hostname and domain in System->General Setup to match but to no avail. I should probably note that I'm trying to access this from outside the LAN from a machine allowed by a firewall rule.

              1 Reply Last reply Reply Quote 0
              • U
                user000001
                last edited by

                Now all of a sudden it works… I'm not 100% sure about this but I think the reason it didn't work is because I have several pfsense boxes on my network and the boxes other than the one I was testing on had the default pfsense.localdomain hostname setup. I think giving all of them actual hostnames allows the network to figure it out. Anyway, now that it works I don't want to jinx it by fiddling with anything hehe

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.