
possible DNS-rebind attack detected (toastman on R7000)

Discussion in 'Tomato Firmware' started by darksky, Sep 9, 2017.

  1. darksky

    darksky Networkin' Nut Member

    My logs seem to be filled with lines relating to a possible DNS-rebind attack. Sample below. I am running pihole on a device behind my R7000 and I have the R7000 configured to use the IP of that box as the primary DNS (Basic>Network>Static DNS = 192.168.1.150). Is there a way to suppress these warnings?

    Code:
    Sep  9 09:53:34 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: fls-na.amazon.com
    Sep  9 09:55:07 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: geo.yahoo.com
    Sep  9 09:55:35 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: collector.githubapp.com
    Sep  9 09:55:35 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: www.google-analytics.com
    Sep  9 09:56:00 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: collector.githubapp.com
    Sep  9 09:56:00 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: www.google-analytics.com
    Sep  9 09:56:03 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: collector.githubapp.com
    Sep  9 09:56:03 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: www.google-analytics.com
     
  2. Sean B.

    Sean B. LI Guru Member

    DNS-rebind attacks are specific and aimed at a network of choice. Unless you feel there's a cause, reason, or otherwise higher risk that you'd be targeted for such an attack, you can just turn off the DNS-rebind checks by going to Advanced->DHCP/dns in the router's GUI and unchecking "Prevent DNS-Rebind attacks".
     
    Last edited: Sep 9, 2017
  3. darksky

    darksky Networkin' Nut Member

    Thanks. I completely forgot about that option.
     
  4. ruggerof

    ruggerof LI Guru Member

    You can also specify your Pihole in the Dnsmasq custom configuration with the option "rebind-domain-ok".

    I run two OrangePi Zeros with Pihole in my system whose hostnames are "PiHole1" and "PiHole2", whereas my domain is "home". In my case I have the following in the Dnsmasq custom configuration.

    Code:
    rebind-domain-ok=/PiHole1.home/PiHole2.home/
     
    Monk E. Boy, mmosoll and Sean B. like this.
  5. Sean B.

    Sean B. LI Guru Member

    I was going to suggest that at first. But being that disabling is easy, DNS-rebind protection is really rather overkill for the average user, and he didn't state if he's in or has configured a domain (my assumption is no), I just suggested to disable. But I should have mentioned it anyway for completeness and options, so glad you thought to do so.
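
Added example (not part of any post in this thread): a small triage script that tallies the dnsmasq rebind warnings from the first post by domain and checks which of those names a `rebind-domain-ok` list would exempt. The function names are hypothetical, and the matching rule (a name is covered if it equals a listed domain or is a subdomain of it) is an assumption about how dnsmasq compares names.

```python
import re
from collections import Counter

# Log lines copied from the first post of this thread, used as sample input.
SAMPLE_LOG = """\
Sep  9 09:53:34 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: fls-na.amazon.com
Sep  9 09:55:07 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: geo.yahoo.com
Sep  9 09:55:35 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: collector.githubapp.com
Sep  9 09:55:35 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: www.google-analytics.com
Sep  9 09:56:00 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: collector.githubapp.com
Sep  9 09:56:00 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: www.google-analytics.com
Sep  9 09:56:03 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: collector.githubapp.com
Sep  9 09:56:03 serenity daemon.warn dnsmasq[15158]: possible DNS-rebind attack detected: www.google-analytics.com
"""
# Exemption line as posted later in the thread (dnsmasq custom configuration).
SAMPLE_CONF = "rebind-domain-ok=/PiHole1.home/PiHole2.home/"

WARN_RE = re.compile(r"dnsmasq\[\d+\]: possible DNS-rebind attack detected: (\S+)")

def rebind_warnings(log_text):
    """Return a Counter mapping each logged name to its number of warnings."""
    names = (m.group(1).lower().rstrip(".") for m in WARN_RE.finditer(log_text))
    return Counter(names)

def exempt_domains(conf_text):
    """Collect domains from rebind-domain-ok= lines (/a/b/ form or a bare domain)."""
    domains = set()
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "rebind-domain-ok":
            domains.update(d.strip().lower() for d in value.split("/") if d.strip())
    return domains

def is_exempt(name, domains):
    # Assumed rule: exact match or subdomain on a label boundary.
    return any(name == d or name.endswith("." + d) for d in domains)

def triage(log_text, conf_text):
    """Split logged names into (still_warned, exempted), each with hit counts."""
    domains = exempt_domains(conf_text)
    warned, exempted = {}, {}
    for name, hits in rebind_warnings(log_text).items():
        (exempted if is_exempt(name, domains) else warned)[name] = hits
    return warned, exempted

if __name__ == "__main__":
    warned, exempted = triage(SAMPLE_LOG, SAMPLE_CONF)
    for name, hits in sorted(warned.items(), key=lambda kv: -kv[1]):
        print(f"{hits:3d}  {name}")
```

Running it against a real log and the router's actual Dnsmasq custom configuration shows which names would still be logged, before deciding whether to turn the check off entirely.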
     
