Posted: Thu Nov 25, 2010 20:55 Post subject: Flash Buffalo
I'm sorry. I wasn't very clear on that point. I was able to get it to revert using the Buffalo original firmware (1.72) found on this site. From there, I could do additional flashes, just not from DD-WRT. I always had to go back to the Buffalo firmware.
After reading this thread and doing some research, I think the solution to disable the --stop-dns-rebind option is heavy-handed.
From the DNSMasq man pages:
Quote:
--stop-dns-rebind
Reject (and log) addresses from upstream nameservers which are in the private IP ranges. This blocks an attack where a browser behind a firewall is used to probe machines on the local network.
--rebind-localhost-ok
Exempt 127.0.0.0/8 from rebinding checks. This address range is returned by realtime black hole servers, so blocking it may disable these services.
--rebind-domain-ok=[<domain>]|[[/<domain>/[<domain>/]
Do not detect and block dns-rebind on queries to these domains. The argument may be either a single domain, or multiple domains surrounded by '/', like the --server syntax, eg. --rebind-domain-ok=/domain1/domain2/domain3/
So the reason it is enabled by default in the first place is for security purposes. It appears that exceptions can be made very easily by adding "--rebind-localhost-ok" and "--rebind-domain-ok=<domain>" to the "Additional DNSMasq Options" box in the GUI, while maintaining recommended protection against the exploit described in the man page.
I am also experiencing this problem. I am running the latest build supported by my wrt54g v2 as listed in the Router Database, 14896, and I cannot find a "No DNS Rebind" option.
Is there some other place I'm supposed to look for newer builds?
Posted: Sun Feb 27, 2011 11:18 Post subject:
If you are using the older builds that don't have it as an on or off option, you can sign up with OpenDNS and they have an option to filter dns-rebind requests.
Sorry for digging up an old thread, but I am experiencing the same difficulties as you are. I need dnsmasq to forward xxx.subdomain.example.com type requests to another DNS server. Those hosts have privnet IP addresses, so just adding the line:
Code:
server=/subdomain.example.com/10.0.0.1
won't do the trick. I've also tried adding the line:
Code:
rebind-domain-ok=/subdomain.example.com/
and the same line without those slashes, but dnsmasq will not start if that line is added. I've also tried to start dnsmasq from the command line with the command:
thing, but it failed to start if the "stop-dns-rebind" line was missing from the conf-file. I am going insane with this one. Can somebody tell me what I should try next?
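The filtering behaviour described in the man page excerpt quoted earlier in the thread, applied to the `subdomain.example.com` case from the last post, as an added example that is not part of the thread and is not dnsmasq's own code. It is a simplified model: the function names are hypothetical, "private IP ranges" is assumed to mean the RFC 1918 blocks plus loopback, and the sample answers are constructed.

```python
import ipaddress

# Assumption: "private IP ranges" modelled as RFC 1918 space; loopback is
# handled separately because --rebind-localhost-ok exempts only 127.0.0.0/8.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def parse_domain_ok(arg):
    """Parse a rebind-domain-ok value: 'domain' or '/domain1/domain2/'."""
    return [d.lower().strip(".") for d in arg.split("/") if d]


def domain_exempt(qname, ok_domains):
    """Match the domain itself or any name under it, on label boundaries."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in ok_domains)


def rebind_verdict(qname, addr, stop_dns_rebind=True,
                   localhost_ok=False, ok_domains=()):
    """Return 'accept' or 'reject' for one upstream A record."""
    if not stop_dns_rebind or domain_exempt(qname, ok_domains):
        return "accept"
    ip = ipaddress.ip_address(addr)
    if ip in LOOPBACK:
        return "accept" if localhost_ok else "reject"
    if any(ip in net for net in PRIVATE_NETS):
        return "reject"
    return "accept"


# Constructed sample answers (names and addresses are illustrative only).
SAMPLES = [
    ("host1.subdomain.example.com", "10.0.0.25"),   # internal host, exempted
    ("notsubdomain.example.com", "10.0.0.9"),       # not under the exemption
    ("rebind.test.example", "192.168.1.1"),         # public name, private IP
    ("2.0.0.127.dnsbl.example", "127.0.0.2"),       # black hole list style reply
    ("www.example.com", "93.184.216.34"),           # ordinary public answer
]


def evaluate(samples, **opts):
    """Map each sample query name to its verdict under the given options."""
    return {q: rebind_verdict(q, a, **opts) for q, a in samples}


if __name__ == "__main__":
    ok = parse_domain_ok("/subdomain.example.com/")
    for name, verdict in evaluate(SAMPLES, localhost_ok=True, ok_domains=ok).items():
        print(f"{verdict:7} {name}")
```

With both exemptions set, only the two private answers outside `subdomain.example.com` are rejected, which is the narrower alternative to turning the check off.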