DNS Rebind Attack
Ipeek last edited by
So before I get started I will say I’ve googled and looked through the forums and did not quite find what I was looking for sorry if this seems like a rehash of an old problem.
Previously had a windows server running DNS/DHCP. Had to get rid of it. Built a new DNS server using PowerDNS. Attempted to run DHCP on it as well but ran out of time and decided that pfSense(our main firewall) should run the DHCP. All has been well until yesterday… Yesterday and today a few of my users have been reporting that when they try and access the mail server(mail.mydomain.com) they get the DNS Rebind Attack page from pfSense.
I've gone in and checked the Disable DNS rebind protection but to no avail. After doing so I try and load the mail.mydomain.com and it brings me to a pfSense login page.
Now I've had to rebuild the DNS server based on someone else's work. So here is how it sort of looks pertaining to the mail server:
mail.mydomain.com CNAME zimbra.server.hq.mydomain.com
mail0.mydomain.com CNAME zimbra.server.hq.mydomain.com
smtp.mydomain.com CNAME zimbra.server.hq.mydomain.com
zimbra.mydomain.com CNAME zimbra.server.hq.mydomain.com
zimbra.server.hq.mydomain.com A 192.168.2.241
mydomain.com MX zimbra.server.hq.mydomain.com
I've got NO idea why it was setup this way(the naming convention) but thats how it looks.
Zimbra.mydomain.com works just fine as well as the others(from what I can tell). Now the mail.mydomain.com is how we view mail outside of the network and that works just fine. I just cant seem to figure out why this is happening.
On one of my users I set the static information and the page loads fine. Turned it back to DHCP and rebooted and it still loads fine. Tried this on another user and either the page fails to load or it give the DNS rebind page.
General Setup > DNS Servers
192.168.2.2(internal) No gateway set
97.x.x.x(ISP) No gateway set
71.x.x.x(ISP) No gateway set
Services > DNS Forwarder
Service > DHCP Server > LAN tab(.2 network)
Pools 2.10 to 2.245
Thanks in advanced!