Potential DNS Rebind Attack detected…



  • When I use the hostname of the machine (https://(hostname):port) I get the message "Potential DNS Rebind attack detected, see (wikipedia page) Try accessing the router by IP address instead of by hostname". I did as has been suggested and checked the box to "Disable DNS Rebinding checks" under System->Advanced, but I get the same error message. Accessing the web Configurator by IP works, but I would like to be able to use the hostname. I am using 2.0-RC3 (i386) Built on Tue Aug 30 01:55:03 EDT 2011. Thanks.



  • Is the pfSense hostname the same as the hostname by which you are trying to access it through the browser?



  • Yes. I've tried the hostname by itself and with the full domain name.

    I think it's a bug because it shouldn't give me that page with both "Disable webConfigurator redirect rule" and "Disable DNS Rebinding Checks" checked off. Has anyone else dealt with this problem?



  • @user000001:

    Yes. I've tried the hostname by itself and with the full domain name.

    That wasn't what I meant. I suspect there is an inconsistency between what pfSense thinks its hostname is AND the hostname you use to access it. For example, my pfSense box is configured with hostname pfsense and if I access it by pointing the web browser to pfsense all is fine. If I add an alias to my local DNS so pfsense1 maps to the same IP address as pfSense and I attempt to access my pfSense box by pointing the web browser to pfsense1, then the browser reports: Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
    Try accessing the router by IP address instead of by hostname.

    Perhaps you have changed the pfSense hostname (and domain?) "recently" but haven't done enough to get everything correctly reinitialised. For example, it MIGHT be necessary to restart the web configurator or even reboot after changing the pfSense hostname (or domain).

    @user000001:

    I think it's a bug because it shouldn't give me that page with both "Disable webConfigurator redirect rule" and "Disable DNS Rebinding Checks" checked off. Has anyone else dealt with this problem?

    It MIGHT be necessary to restart the Web Configuration (from console menu) or even reboot for these changes to take effect.
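
The hostname comparison described in the post above, as an added example that is not part of the original thread and is not pfSense's own code: a simplified Host-header check in Python. The function names, the `alt_hostnames` parameter and the rule that any IP literal is accepted are assumptions made for illustration; the sample Host values are constructed.

```python
import ipaddress


def normalize_host(host_header):
    """Lower-case the Host header value and strip the port and any trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal, e.g. [fe80::1]:443
        end = host.find("]")
        return host[1:end] if end != -1 else None
    if host.count(":") == 1:                 # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".") or None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_allowed(host_header, hostname, domain, alt_hostnames=(), check_disabled=False):
    """Return True if the request's Host value should be served.

    A rebinding attack needs the browser to reach the device under an
    attacker-controlled name, so only names the device knows as its own pass.
    """
    if check_disabled:                       # models "Disable DNS Rebinding Checks"
        return True
    host = normalize_host(host_header)
    if host is None:
        return False
    if is_ip_literal(host):                  # assumption: access by IP is always accepted
        return True
    allowed = {hostname.lower(), f"{hostname}.{domain}".lower()}
    allowed.update(h.lower().rstrip(".") for h in alt_hostnames)  # hypothetical extra names
    return host in allowed


if __name__ == "__main__":
    # Constructed Host values for a box configured as pfsense.localdomain
    for value in ["pfsense", "pfsense.localdomain:8443", "pfsense1", "192.168.1.1:8443"]:
        print(f"{value:28} -> {host_allowed(value, 'pfsense', 'localdomain')}")
```
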



  • I knew what you meant but my reply came out wrong. I rebooted the machine after making changes. The actual hostname of the machine is what I'm using in the browser. For example, https://pfsense.localdomain:port (with the hostname.domain replacing the default and adding a port). I also changed the hostname and domain in System->General Setup to match, but to no avail. I should probably note that I'm trying to access this from outside the LAN from a machine allowed by a firewall rule.



  • Now all of a sudden it works… I'm not 100% sure about this, but I think the reason it didn't work is because I have several pfSense boxes on my network and the boxes other than the one I was testing on had the default pfsense.localdomain hostname set up. I think giving all of them actual hostnames allows the network to figure it out. Anyway, now that it works I don't want to jinx it by fiddling with anything, hehe.

