DNS Rebind Errors with PiHole for DNS

I have just added a Raspberry Pi for ad-blocking/tracking use and have now got a lot (hammering) of DNS Rebind attacks in my System Log.

Example:

Sun Nov  1 17:21:23 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: browser.pipe.aria.microsoft.com
Sun Nov  1 17:21:25 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:28 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:31 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:34 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:37 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:40 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:40 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: activity.windows.com
Sun Nov  1 17:21:43 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:43 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: tracksrv.zdf.de
Sun Nov  1 17:21:45 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: self.events.data.microsoft.com

I have turned off Rebind Protection and errors are of course gone but feel that this is a less secure option.

My Raspberry Pi has a static assigned IP of 192.168.2.250 on my home network and it has the following line assigned in "/tmp/hosts/dhcp.cfg01411c":

192.168.2.250 RaspberryPi4Ether.lan

My DNS Masq config is: (with protection off)

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	list server '192.168.2.250'
	option localservice '1'
	option rebind_protection '0'

I tried to use the "Domain whitelist" with many different combinations of what I thought might work, but no change. I used "RaspberryPi4Ether.lan", LAN, .LAN, 192.168.2.250 and some others. Nothing solved the issue.

I think I am missing a basic setting that I do not realise.

I am using a WRT3200ACM on OpenWRT Stable 19.07 with the basic packages installed along with packages for VPN Policy-Based Routing i.e. DNSMasq-Full

Can anyone point me in the correct direction?

The DNS rebind alert means that your router is receiving private IP addresses when requesting info about public servers. I do not know how PiHole works exactly, but I do not understand how it can be sending private IP addresses for sites from the microsoft.com domain.

1 Like
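
As an added example (not part of the thread, and not OpenWrt or Pi-hole code), this shell function counts the dnsmasq rebind warnings per queried name, so it is clear which lookups are coming back with private addresses. The function name `rebind_summary`, its optional label-count argument and the constructed `dnsmasq-dhcp` line are assumptions made for illustration; grouping by the last two labels is a naive heuristic.

```shell
#!/bin/sh
# Added example: count dnsmasq DNS-rebind warnings per queried name.

# Log lines copied from the first post, plus one constructed line (the
# dnsmasq-dhcp entry) that the summary has to ignore.
sample_log() {
cat <<'EOF'
Sun Nov  1 17:21:23 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: browser.pipe.aria.microsoft.com
Sun Nov  1 17:21:25 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:28 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:31 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: secure-eu.imrworldwide.com
Sun Nov  1 17:21:32 2020 daemon.info dnsmasq-dhcp[31743]: DHCPACK(br-lan) 192.168.2.250 RaspberryPi4Ether
Sun Nov  1 17:21:40 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: activity.windows.com
Sun Nov  1 17:21:43 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: tracksrv.zdf.de
Sun Nov  1 17:21:45 2020 daemon.warn dnsmasq[31743]: possible DNS-rebind attack detected: self.events.data.microsoft.com
EOF
}

# Reads syslog lines on stdin and prints "<count> <name>", busiest first.
# Optional $1: keep only the last N labels of each name (0 = full name).
rebind_summary() {
    awk -v keep="${1:-0}" '
        /dnsmasq\[[0-9]+\]: possible DNS-rebind attack detected: / {
            name = tolower($NF)          # queried name is the last field
            sub(/\.$/, "", name)         # drop a trailing root dot
            if (keep > 0) {
                n = split(name, part, ".")
                if (n > keep) {
                    name = part[n - keep + 1]
                    for (i = n - keep + 2; i <= n; i++)
                        name = name "." part[i]
                }
            }
            count[name]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -k1,1nr -k2,2
}

echo "Per queried name:";        sample_log | rebind_summary
echo "Per two-label parent:";    sample_log | rebind_summary 2
```

On the router the same function can read the live system log with `logread | rebind_summary`.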

@eduperez I really am not an expert in any sense but maybe it has something to do with the advanced settings in the PiHole application on the Raspberry Pi. See below for the screenshots. I only added the info for conditional forwarding, the rest is default.

1 Like

@trendy Thanks, I already found this helpful guide and was trying to whitelist my PiHole as is done in DDWRT but with the OpenWRT command syntax as shown in the OpenWRT DNS and DHCP configuration manual page.

I could not get it to work, hence my problem. To me it should work but maybe I do not know how to list my PiHole device. I tried a lot of combinations but no luck. I think it should be whitelisted as: "RaspberryPi4Ether.lan" but that is not working. When I set it and save apply settings in OpenWRT it restarts DNSMasq but no change to how it reports the error.

Since we have the same setup, I completely bypass the dnsmasq with these:

network.lan.dns='10.0.2.3' '10.0.2.2'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='0'
dhcp.@dnsmasq[0].domain='mrv'
dhcp.@dnsmasq[0].local='/mrv/'
dhcp.@dnsmasq[0].rebind_protection='0'
dhcp.@dnsmasq[0].localservice='0'
dhcp.@dnsmasq[0].tftp_root='/tmp/'
dhcp.@dnsmasq[0].dhcp_boot='vmlinux'
dhcp.@dnsmasq[0].enable_tftp='1'
dhcp.@dnsmasq[0].queryport='5353'
dhcp.@dnsmasq[0].filterwin2k='1'
dhcp.@dnsmasq[0].sequential_ip='1'
dhcp.@dnsmasq[0].quietdhcp='1'
dhcp.@dnsmasq[0].logqueries='0'
dhcp.@dnsmasq[0].cachesize='5000'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.ra='server'
dhcp.lan.ra_slaac='1'
dhcp.lan.leasetime='2h'
dhcp.lan.domain='mrv'
dhcp.lan.dns='fd00:bbbb::2' 'fd00:bbbb::3'
dhcp.lan.force='1'
dhcp.lan.ra_useleasetime='1'
dhcp.lan.dhcp_option='252,"\n"' '15,mrv' '6,10.0.2.2,10.0.2.3' '119,mrv' '42,10.0.2.1'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra_management='0'
dhcp.lan.ra_flags='managed-config other-config'

I am advertising the Piholes directly to the lan host with dhcp option 6.

2 Likes

Thanks. It will take me some time to figure out your setup and if it will fix my issue.