New AP set up today - now getting DNS-rebind attack warnings.



  • Today I replaced my WRT54gsV1+DDWRT with a brand new Asus RT-N56U.  It's set up in AP mode with a static LAN and this handles my home network (Network1) from my pfSense box (ESXi host in sig).  Network2 just goes straight from pfSense to a switch and I use this as my test/work bench network.  My main rig is connected via wire to the new AP on Network1.

    Whenever I try to go to www.google.com on my main rig I get that DNS-rebind warning.  I haven't yet found any other sites that result in this error.

    If I connect to my Win7 VM (TeamViewer, vSphere, whatever) on that same ESXi host I can access Google fine.  This Win7 VM is connected to the vSwitch for Network2 if it matters.

    Why is this happening and how do I fix it?  I have a feeling it has something to do with hostnames, specifically the hostname of this new AP.  Problem is I have no idea how I can change it since there doesn't appear to be an option to do so in the AP config, and I have no idea how to fetch whatever hostname it currently has so I can add it to the hostname exception list in pfSense System > Advanced.


  • Netgate Administrator

    Hmm, odd.
    It would seem something on your network is redirecting traffic to the pfSense LAN interface.
    Have you disabled all the routing/DNS/captive portal features of your new Asus?

    Steve



  • When you first log in to this Asus you're given two options.  Regular router mode, or AP mode.  AP mode disables NAT/DHCP as it assumes you're placing the N56U behind another router.  NAT/DHCP were passing through from pfSense to my home network so this was working fine.  It was just www.google.com that was resulting in that error which seems to have resolved itself.  I can access Google now.

    My LAN settings on the N56U are:

    192.168.1.1 (N56U LAN)
    255.255.255.0
    192.168.1.3 (pfSense LAN)

    Windows ipconfig on my main rig spits out the same results it did when I had my WRT54gsV1 running.  It shows 192.168.1.3 as the gateway, DHCP server, and DNS.


  • Netgate Administrator

    So all good now then?
    Probably some DNS entry was cached during the router setup and your browser attempted to use it.

    Steve



  • Yeah everything is fine now.  I even rebooted pfSense yesterday and that didn't fix it.  It just randomly started working again.  Weird.



  • Not sure if this will help but I had a similar issue on my Asus router.

    In the dnsmasq custom config I had to put these settings to make the error stop:

    rebind-domain-ok=/yourdomain.com/
    server=/yourdomain.com/xxx.xxx.xxx.xxx (this is your local dns server ip)
    server=//xxx.xxx.xxx.xxx (this is your local dns server ip)

    Obviously make the correct changes and leave my comments out.
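    To show what those three dnsmasq lines actually do, here is an added toy model of the behaviour they configure; it is not dnsmasq, Asus firmware or pfSense code. It parses `rebind-domain-ok=/domain/` (which exempts that zone and its subdomains from the rebind check) and `server=/domain/ip` / `server=//ip` (which send that zone, or dot-less names, to the local resolver), and then applies the check dnsmasq's `stop-dns-rebind` performs: an upstream answer that maps a public name to a private-range address is rejected, which is exactly the symptom in this thread (www.google.com resolving to the pfSense LAN IP). The config text, hostnames and addresses in the block are constructed placeholders, and the exact list of ranges treated as private is an assumption.

```python
"""Toy model of dnsmasq-style DNS-rebind filtering and per-domain forwarding.

Added illustration for this thread; it is not dnsmasq, Asus firmware or
pfSense code. All config text, names and addresses below are constructed.
"""
import ipaddress

# Ranges treated as "private" by the rebind check. dnsmasq's stop-dns-rebind
# blocks RFC 1918 space plus loopback/link-local; this exact list is an assumption.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]


def parse_dnsmasq_config(text):
    """Parse rebind-domain-ok=/dom/ and server=... lines into a policy dict."""
    policy = {"rebind_ok": set(), "routes": {}, "unqualified": None, "default": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue                                   # blank or comment line
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "rebind-domain-ok":
            # form: /domain1/domain2/ ; each listed zone (and subdomains) is exempt
            policy["rebind_ok"].update(d.lower() for d in value.split("/") if d)
        elif key == "server":
            if value.startswith("/"):
                _, domain, server = value.split("/", 2)
                if domain:
                    policy["routes"][domain.lower()] = server   # server=/zone/ip
                else:
                    policy["unqualified"] = server   # server=//ip: names with no dot
            else:
                policy["default"].append(value)      # server=ip: everything else
    return policy


def domain_matches(name, domain):
    """True when name equals domain or is a subdomain of it (case-insensitive)."""
    name, domain = name.rstrip(".").lower(), domain.strip(".").lower()
    return name == domain or name.endswith("." + domain)


def upstream_for(name, policy):
    """Pick the forwarder for a query: longest matching server=/zone/ wins,
    then server=// for dot-less names, then the first default (None if none)."""
    best = None
    for domain, server in policy["routes"].items():
        if domain_matches(name, domain) and (best is None or len(domain) > len(best[0])):
            best = (domain, server)
    if best:
        return best[1]
    if "." not in name.rstrip(".") and policy["unqualified"]:
        return policy["unqualified"]
    return policy["default"][0] if policy["default"] else None


def check_answer(name, address, policy):
    """Apply the rebind check to one A record. Returns (accept, reason)."""
    if any(domain_matches(name, d) for d in policy["rebind_ok"]):
        return True, "exempt via rebind-domain-ok"
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in PRIVATE_NETS):
        return False, "private address %s returned for public name %s" % (ip, name)
    return True, "public address"


# Constructed config in the shape of the post above (all values are placeholders).
SAMPLE_CONFIG = """
# local resolver (pfSense) answers for the home zone, and for unqualified names
rebind-domain-ok=/home.lan/
server=/home.lan/192.168.1.3
server=//192.168.1.3
# everything else goes to an upstream forwarder (documentation-range IP)
server=203.0.113.53
"""

# Constructed answers; the first is the thread's symptom.
SAMPLE_ANSWERS = [
    ("www.google.com", "192.168.1.3"),    # rejected: public name -> private address
    ("printer.home.lan", "192.168.1.20"), # accepted: exempt zone
    ("www.example.com", "203.0.113.10"),  # accepted: public address
]


def evaluate(config=SAMPLE_CONFIG, answers=SAMPLE_ANSWERS):
    """Return (name, forwarder, accepted, reason) for each constructed answer."""
    policy = parse_dnsmasq_config(config)
    return [(name, upstream_for(name, policy), *check_answer(name, addr, policy))
            for name, addr in answers]


if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

    The point for the thread: a `rebind-domain-ok` exemption belongs only on zones you expect to resolve to LAN addresses (your own domain, the pfSense hostname), never on a blanket basis, because the check exists to stop a public name from being pointed at a device on the inside of the network.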

