I have just added a RasperberyPi for ad-blocking/tracking use and have now got a lot (hammering) of DNS Rebind attacks in my System Log.
Example:
Sun Nov 1 17:21:23 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: browser.pipe.aria.microsoft.com
Sun Nov 1 17:21:25 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov 1 17:21:28 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov 1 17:21:31 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov 1 17:21:34 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov 1 17:21:37 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov 1 17:21:40 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov 1 17:21:40 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: activity.windows.com
Sun Nov 1 17:21:43 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov 1 17:21:43 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: tracksrv.zdf.de
Sun Nov 1 17:21:45 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: self.events.data.microsoft.com
I have turned off Rebind Protection and errors are of course gone but feel that this is a less sercure option.
My Raspberry Pi has a static assigned IP of 192.168.2.250 on my home network and it has the the following line assigned in "/tmp/hosts/dhcp.cfg01411c":
I tried to to use the "Domain whitelist" with many different combinations of what I thought might work, but no change. I used "RaspberryPi4Ether.lan", LAN, .LAN, 192.168.2.250 and some others. Nothing solved the issue.
I think I am missing a basic setting that I do not realise.
I am using a WRT3200ACM on OpenWRT Stable 19.07 with the basic packages installed along with packages for VPN Policy-Based Routing i.e. DNSMasq-Full
The DNS rebind alert means that your router is receiving private IP addresses when requesting info about public servers. I do not know how does PiHole work exactly, but I do not understand how can it be sending private IP addresses for sites from the microsoft.com domain.
@eduperez I really am not an expert in any sense but maybe it has something to do with the advance settings in the PiHole application on the Raspberry Pi. See below for the screenshots. I only added the info for conditional forwarding, the rest is default.
@trendy Thanks, I already found this helpful guide and was trying to whitelist my PiHole as is done in DDWRT but with the OpenWRT command syntax as shown in the OpenWRT DNS and DHCP configuration manual page.
I could not get it to work, hence my problem. To me it should work but maybe I do not know how to list my PiHole device. I tried a lot of combinations but no luck. I think it should be whitelisted as: "RaspberryPi4Ether.lan" but that is not working. When I set it and save apply settings in OpenWRT it restarts DNSMasq but no change to how it reports the error.