False positive DNS-rebind attack detection?: ISP's homepage gets blocked

Hi, coming from the stock firmware, I have recently installed LEDE onto my TP-Link WR841N router.
Since then I have noticed that I am no longer able to access www.highspeedsurfer.de, which is the homepage of my Internet provider. After taking a look into the logs, I have found this:

daemon.warn dnsmasq[1884]: possible DNS-rebind attack detected: www.highspeedsurfer.de

How can this be? Is this a false positive or did I configure something wrong?

Maybe. Personally I would disable rebind protection since it interferes with a lot of legitimate cases (Plex). Such seems to be the case with you.

There's a setting to allow specific things thru rebind protection. Specifically for Plex you need to do:

uci add_list dhcp.@dnsmasq[-1].rebind_domain=plex.direct
uci commit
/etc/init.d/dnsmasq restart

Possibly OP can do the same for their specific domain.


Thanks! So this is not a bug that can be fixed within dnsmasq/LEDE?
I wonder why this very website gets blocked... What does it do that causes it being blocked?

For Plex -- this is definitely not a bug. For your ISP, you'd have to contact them for clarification on why they're rebinding their domain name to a local address on your network.

1 Like

which file is this you're editing?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.