New AP set up today - now getting DNS-rebind attack warnings.

  • Today I replaced my WRT54gsV1+DDWRT with a brand new Asus RT-N56U.  It's set up in AP mode with a static LAN and this handles my home network(Network1) from my PfSense box(ESXi host in sig).  Network2 just goes straight from pfSense to a switch and I use this as my test/work bench network.  My main rig is connected via wire to the new AP on Network1.

    Whenever I try to go to on my main rig I get that DNS-rebind warning.  I haven't yet found any other sites that result in this error.

    If I connect to my Win7 VM(teamviewer, vSphere, whatever) on that same ESXi host I can access google fine.  This Win7 VM is connected to the vSwitch for Network2 if it matters.

    Why is this happening and how do I fix it?  I have a feeling it has something to do with hostnames, specifically the hostname of this new AP.  Problem is I have no idea how I can change it since there doesn't appear to be an option to do so in the AP config, and I have no idea how to fetch whatever hostname it currently has so I can add it to the hostname exception list in pfSense System > Advanced.

  • Netgate Administrator

    Hmm, odd.
    It would seem something on your network is redirecting traffic to the pfSense LAN interface.
    Have you disabled allt he routing/DNS/captive portal features of your new Asus?


  • When you first log in to this asus you're given two options.  Regular router mode, or AP mode.  AP mode disables NAT/DHCP as it assumes you're placing the n56u behind another router.  NAT/DHCP were passing through from pfSense to my home network so this was working fine.  It was just that was resulting in that error which seems to have resolved itself.  I can access google now.

    My LAN settings on the n56u are… LAN) LAN)

    Windows ipconfig on my main rig spits out the same results it did when I had my wrt54gsv1 running.  It shows as the gateway, DHCP server, and DNS.

  • Netgate Administrator

    So all good now then?
    Probably some DNS entry was cached during the router setup and your browser attempted to use it.


  • Yeah everything is fine now.  I even rebooted pfSense yesterday and that didn't fix it.  It just randomly started working again.  Weird.

  • Not sure if this will help but I had a similar issue on my Asus router.

    in the dnsmasq custom config I had to put these settings to make the error stop

    server=/ (this is your local dns server ip)
    server=// (this is your local dns server ip)

    obviously make the correct changes and leave my comments out.