jifffy DD-WRT User
Joined: 08 Jun 2020 Posts: 58
|
Posted: Wed Jul 07, 2021 13:50 Post subject: possible DNS-rebind attack detected |
|
My logs are filled with this:
Code:
Jul 7 15:03:16 DD-WRT daemon.info hostapd: wlan1: STA 18:e7:f4:98:e9:99 WPA: group key handshake completed (RSN)
Jul 7 15:03:16 DD-WRT daemon.info hostapd: wlan0: STA 86:95:52:1c:0c:62 WPA: group key handshake completed (RSN)
Jul 7 15:03:16 DD-WRT daemon.info hostapd: wlan0: STA fe:59:5f:00:f3:47 WPA: group key handshake completed (RSN)
Jul 7 15:13:55 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: push.services.mozilla.com
Jul 7 15:21:07 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul 7 15:21:12 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: api.weather.com
Jul 7 15:21:40 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: e4478.a.akamaiedge.net
Jul 7 15:21:47 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: api.weather.com
Jul 7 15:23:02 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: weather-analytics-events.apple.com
Jul 7 15:24:55 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: dns.cloudflare.com
Jul 7 15:25:29 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: dns.cloudflare.com
Jul 7 15:28:31 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul 7 15:28:33 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul 7 15:28:33 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul 7 15:28:49 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: www.aviationweather.gov
Jul 7 15:30:14 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: dns.cloudflare.com
Jul 7 15:36:51 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: e4478.a.akamaiedge.net
Jul 7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul 7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul 7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul 7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul 7 15:41:47 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
I have a Linksys 3200 ACM with pihole installed on an Odroid C2; I am not sure if that matters. What can be done?
|
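A triage sketch for the log in the first post, added here and not part of any forum post: it tallies dnsmasq's rebind warnings per queried name and collapses repeats within a few seconds into one burst, so a retried lookup is not counted as several separate events. The function name, the `burst_seconds` window and the `year` argument (syslog lines carry no year) are assumptions of this example; the sample lines are a subset copied from the log above.

```python
import re
from datetime import datetime

# Subset of the log lines posted above (copied from the thread, not live data).
SAMPLE_LOG = """\
Jul 7 15:03:16 DD-WRT daemon.info hostapd: wlan1: STA 18:e7:f4:98:e9:99 WPA: group key handshake completed (RSN)
Jul 7 15:13:55 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: push.services.mozilla.com
Jul 7 15:21:07 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul 7 15:24:55 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: dns.cloudflare.com
Jul 7 15:25:29 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: dns.cloudflare.com
Jul 7 15:28:31 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul 7 15:28:33 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul 7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul 7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul 7 15:41:47 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
"""

# timestamp, hostname, facility.level, then the dnsmasq warning and the name.
REBIND = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+"
    r"dnsmasq\[\d+\]:\s+possible DNS-rebind attack detected:\s+(?P<name>\S+)\s*$"
)

def summarize_rebind_warnings(log_text, year=2021, burst_seconds=5):
    """Return {name: {"count", "bursts", "first", "last"}} for rebind warnings."""
    summary = {}
    for line in log_text.splitlines():
        m = REBIND.match(line.strip())
        if not m:
            continue  # hostapd and other daemons' lines are ignored
        # Syslog omits the year; the caller supplies it (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        name = m["name"].rstrip(".").lower()
        entry = summary.setdefault(
            name, {"count": 0, "bursts": 0, "first": when, "last": when})
        # A gap longer than burst_seconds since the last hit starts a new burst.
        gap = (when - entry["last"]).total_seconds()
        if entry["count"] == 0 or gap > burst_seconds:
            entry["bursts"] += 1
        entry["count"] += 1
        entry["last"] = when
    return summary

if __name__ == "__main__":
    rows = summarize_rebind_warnings(SAMPLE_LOG).items()
    for name, e in sorted(rows, key=lambda kv: -kv[1]["count"]):
        print(f"{e['count']:3d} warnings / {e['bursts']} bursts  {name}  "
              f"({e['first']:%H:%M:%S} to {e['last']:%H:%M:%S})")
```
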
kernel-panic69 DD-WRT Guru
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
|
jifffy DD-WRT User
Joined: 08 Jun 2020 Posts: 58
|
Posted: Wed Jul 07, 2021 15:51 Post subject: |
|
I am on DD-WRT v3.0-r47000 std (06/28/21). My pihole is configured as follows:
Code:
no-resolv
server=192.168.1.12
cache-size=2048
log-async=5
#strict-order
dns-forward-max=5096
min-cache-ttl=300
dhcp-option=6,192.168.1.12
My pihole IP is 192.168.1.12 and it seems to be working OK, blocking unwanted junk. So where is the problem?
PS. OK, I see the problem: the Use DNSMasq for DNS was checked off, I unchecked it. Was this the correct thing to do?
PPS. Problem solved, thanks guys.
Last edited by jifffy on Wed Jul 07, 2021 16:05; edited 2 times in total
|
ho1Aetoo DD-WRT Guru
Joined: 19 Feb 2019 Posts: 2976 Location: Germany
|
Posted: Wed Jul 07, 2021 15:58 Post subject: |
|
Is explained in the linked thread?
Quote: Please do not add "Additional Dnsmasq Options" on the Router.
Quote: if you still want to use the DNS rebind protection you should enable this option directly in the DNSMasq of the Pi-Hole
Quote: All required settings are shown in the picture.