Posted: Sat Dec 25, 2021 23:16 Post subject: DNS-rebind attack detected
For everything I am accessing, I am getting the below "possible DNS-rebind attack detected":
Dec 26 00:05:45 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: dit.whatsapp.net
Dec 26 00:06:27 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: dit.whatsapp.net
Dec 26 00:06:30 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: sdkconfig.ad.intl.xiaomi.com
Dec 26 00:13:45 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: googleads.g.doubleclick.net
Dec 26 00:13:45 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: googleads.g.doubleclick.net
Dec 26 00:13:59 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: config.unityads.unity3d.com
Dec 26 00:13:59 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: config.unityads.unity3d.com
I am using the r47900 build on a Netgear 7800. The connection is fibre broadband (only IPv4) via a modem and then to the router. For DNS I ignored the WAN DNS from the ISP and have enabled AdGuard DNS Family DNSCrypt from the options available via the GUI. I did not make any other changes.
Dec 26 00:16:17 DD-WRT daemon.info dnscrypt-proxy[15599]: Server key fingerprint is 6519:DAD5:69D7:E6B1:C1B1:94AF:CD0B:B214:3992:47CB:FFCD:848C:090E:222E:D3E5:5841
Dec 26 00:16:17 DD-WRT daemon.notice dnscrypt-proxy[15599]: Proxying from 127.0.0.1:30 to XXXXX:5443
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: started, version 2.86 cachesize 1500
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack ipset no-auth cryptohash DNSSEC loop-detect inotify no-dumpfile
Dec 26 00:16:17 DD-WRT daemon.warn dnsmasq[15611]: warning: ignoring resolv-file flag because no-resolv is set
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq-dhcp[15611]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using nameserver 127.0.0.1#30
Dec 26 00:16:17 DD-WRT user.info : [dnsmasq] : daemon successfully started
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for test
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for onion
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for localhost
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for local
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for invalid
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for bind
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: read /etc/hosts - 2 addresses
Dec 26 00:16:17 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully stopped
Dec 26 00:16:17 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started
Dec 26 00:16:18 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully stopped
Dec 26 00:16:18 DD-WRT user.info root: WireGuard number of non failed tunnels in fail set: 0
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : vpn modules successfully unloaded
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : nf_conntrack_proto_gre successfully loaded
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : nf_nat_proto_gre successfully loaded
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : nf_conntrack_pptp successfully loaded
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : nf_nat_pptp successfully loaded
Dec 26 00:16:19 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started
Dec 26 00:16:19 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started
No more mentions in the logs, and the output produced above looks okay.