DNS Rebind Attack



  • So before I get started, I will say I’ve googled and looked through the forums and did not quite find what I was looking for. Sorry if this seems like a rehash of an old problem.

    Background:

    Previously had a Windows server running DNS/DHCP. Had to get rid of it. Built a new DNS server using PowerDNS. Attempted to run DHCP on it as well but ran out of time and decided that pfSense (our main firewall) should run the DHCP. All has been well until yesterday… Yesterday and today a few of my users have been reporting that when they try to access the mail server (mail.mydomain.com) they get the DNS Rebind Attack page from pfSense.

    I've gone in and checked the Disable DNS rebind protection but to no avail. After doing so I try and load the mail.mydomain.com and it brings me to a pfSense login page.

    DNS:

    Now I've had to rebuild the DNS server based on someone else's work. So here is how it sort of looks pertaining to the mail server:

    mail.mydomain.com CNAME zimbra.server.hq.mydomain.com
    mail0.mydomain.com CNAME zimbra.server.hq.mydomain.com
    smtp.mydomain.com CNAME zimbra.server.hq.mydomain.com
    zimbra.mydomain.com CNAME zimbra.server.hq.mydomain.com
    zimbra.server.hq.mydomain.com A 192.168.2.241
    mydomain.com MX zimbra.server.hq.mydomain.com

    I've got NO idea why it was set up this way (the naming convention), but that's how it looks.

    Zimbra.mydomain.com works just fine, as well as the others (from what I can tell). Now the mail.mydomain.com is how we view mail outside of the network, and that works just fine. I just can't seem to figure out why this is happening.

    On one of my users I set the static information and the page loads fine. Turned it back to DHCP and rebooted and it still loads fine. Tried this on another user and either the page fails to load or it gives the DNS rebind page.

    pfSense Setup:

    General Setup > DNS Servers
    192.168.2.2 (internal) No gateway set
    97.x.x.x (ISP) No gateway set
    71.x.x.x (ISP) No gateway set


    Services > DNS Forwarder



    Service > DHCP Server > LAN tab (.2 network)


    Pools 2.10 to 2.245
    DNS Servers

    • 192.168.2.2
    • 8.8.8.8

    END

    –------------------

    Thanks in advance!