Possible dns-rebind attack with strange url

Got this in the log today:
Wed Sep 13 12:16:56 2023 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: 192-168-1-114.abcdefghijklmnopqrstuvwxyz012345.plex.direct

Any ideas? Should I be concerned?

Thanks in advance

It's expected in default configuration. An answer from upstream DNS returns a private IP, which normally should not be the case. It's not malicious necessarily if it is connected with the plex media.

2 Likes

More explanation here

5 Likes

Thanks, both of you!

1 Like

I'd recommend you allow this domain:

uci del_list dhcp.@dnsmasq[0].rebind_domain='plex.direct'
uci add_list dhcp.@dnsmasq[0].rebind_domain='plex.direct'
uci commit dhcp
service dnsmasq restart
4 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.