They seem trustworthy sites: Microsoft, Google, GitHub, Mozilla, etc. I do not believe those sites are trying to do a rebind attack. The "DNS rebind" setting causes many messages in syslog: "possible DNS-rebind attack". All that was working (e.g. the routes and the port-forwarding etc.) for weeks/months without any intervention required. I have 2 WireGuard VPN tunnels - and one accepts incoming traffic (port-forwarding).

Hi - I read this post with interest, as I have a similar situation.

Posted: Tue 11:39 Post subject: possible rebind attack and wireguard

In this case, the option "No DNS Rebind" - Enable.

Automatically adjustable temperature, always within the range of 59-68°С.

There were less than 10 such entries, so this was not a problem. I don't know if I did the right thing, I did it like this:

Added one more file to "Additional Dnsmasq Options":

I'm scratching my head of how to eliminate the problem. I get a similar issue on an older build (44700).

It is only quite annoying because it spams the log full

Either live with the log spam or disable "no DNS rebind".

spoofs the response and returns 0.0.0.0

Dnsmasq thinks the blocked domains are a DNS rebind attack and blocks them again

looks up the in-memory blocklist settings to see if there are rules for this domain.

Saw a few related changes recently, so try today's build.

Hi blkt, does this mean that it's being worked on by Brainslayer to fix this issue? Yes, you are right, I'm using Windscribe VPN and they have this feature they call "ROBERT" (Blocks IPs and domains (ads) of your choice on all devices). I did disable "no DNS rebind" like you said for the workaround and it worked. I disabled no DNS rebind and all the warnings about rebind attacks are not there anymore. I get like 80 ish with WireGuard and less with OpenVPN.
I had Surfshark, but they don't currently support it with routers just yet; only their apps support it at this time. I'm thinking you are right, though, about the bandwidth from Windscribe; I have it working but just don't have the speed I was looking for. I went with them because they offered WireGuard for users with a DD-WRT router.

Hey there Egc, I am trying out Windscribe VPN and they only have 2 DNS servers to use.

It will return something like 0.0.0.0 for the domains mentioned

Do not see any normal domains there either

Edit: workaround: disable "no DNS rebind" in the Services tab

Looks to me like a blackhole server that blocks tracking and adds

WireGuard is about 3 times faster than OpenVPN, provided you get sufficient bandwidth from your ISP and VPN provider.

Of course it can be real, coming from websites which want to steal your DNS and reroute it. If that is the case, you can allow rebinding for certain domains with something like: if you are using another DNS server in your domain with a private IP address. A rebind attack could be due to "bad" configuration, i.e.