Netgate Discussion Forum

DNS Rebind Attack

DHCP and DNS
  • Ipeek
    last edited by Oct 21, 2014, 3:00 PM

    So before I get started I will say I’ve googled and looked through the forums and did not quite find what I was looking for. Sorry if this seems like a rehash of an old problem.

    Background:

    Previously had a Windows server running DNS/DHCP. Had to get rid of it. Built a new DNS server using PowerDNS. Attempted to run DHCP on it as well but ran out of time and decided that pfSense (our main firewall) should run the DHCP. All has been well until yesterday… Yesterday and today a few of my users have been reporting that when they try and access the mail server (mail.mydomain.com) they get the DNS Rebind Attack page from pfSense.

    I've gone in and checked the Disable DNS rebind protection but to no avail. After doing so I try and load the mail.mydomain.com and it brings me to a pfSense login page.

    DNS:

    Now I've had to rebuild the DNS server based on someone else's work. So here is how it sort of looks pertaining to the mail server:

    mail.mydomain.com CNAME zimbra.server.hq.mydomain.com
    mail0.mydomain.com CNAME zimbra.server.hq.mydomain.com
    smtp.mydomain.com CNAME zimbra.server.hq.mydomain.com
    zimbra.mydomain.com CNAME zimbra.server.hq.mydomain.com
    zimbra.server.hq.mydomain.com A 192.168.2.241
    mydomain.com MX zimbra.server.hq.mydomain.com

    I've got NO idea why it was set up this way (the naming convention), but that's how it looks.

    Zimbra.mydomain.com works just fine, as well as the others (from what I can tell). Now the mail.mydomain.com is how we view mail outside of the network and that works just fine. I just can't seem to figure out why this is happening.

    On one of my users I set the static information and the page loads fine. Turned it back to DHCP and rebooted and it still loads fine. Tried this on another user and either the page fails to load or it gives the DNS rebind page.

    pfSense Setup:

    General Setup > DNS Servers
    192.168.2.2(internal) No gateway set
    97.x.x.x(ISP) No gateway set
    71.x.x.x(ISP) No gateway set

    Allow DNS server list to be overridden by DHCP/PPP on WAN

    Do not use the DNS forwarder as a DNS server for the firewall

    Services > DNS Forwarder

    Enable DNS forwarder

    Register DHCP leases

    Register DHCP static mappings

    Service > DHCP Server > LAN tab(.2 network)

    Enable

    Pools 2.10 to 2.245
    DNS Servers

    • 192.168.2.2
    • 8.8.8.8

    END

    -------------------

    Thanks in advance!

    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.