Sun Jan 6 19:51:25 2019 daemon.warn dnsmasq[2486]: Maximum number of concurrent DNS queries reached (max: 150)
Sun Jan 6 19:54:01 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:01 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:04 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:08 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:15 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:16 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:21 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:25 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:30 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:40 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:54:41 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:56:20 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:56:20 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:56:43 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:56:45 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:57:11 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:57:15 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:57:17 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:58:20 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:58:21 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:59:53 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:59:53 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:59:54 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:59:58 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 19:59:59 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 20:00:04 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 20:00:08 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 20:01:32 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 20:01:33 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 20:01:37 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Sun Jan 6 20:02:03 2019 daemon.warn dnsmasq[2486]: possible DNS-rebind attack detected: discuz.gtimg.cn
Post your configuration please.
/etc/config/dhcp
/etc/config/firewall
Rebind attack is when a client is requesting a domain that gives an IP with a RFC1918 Private or other invalid address.
If you are aware of the domain being queried, you can turn that off at the web GUI under Network > DHCP and DNS:
user@machine:~$ nslookup
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> discuz.gtimg.cn
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: discuz.gtimg.cn
Address: 0.0.0.1
>
I add option cachesize 150000 fixed it(Maximum number of concurrent DNS queries reached (max: 150)).
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option localservice '1'
option leasefile '/tmp/dhcp.leases'
option ednspacket_max '1024'
#option resolvfile '/etc/resolv.conf'
option noresolv '1'
**option cachesize 150000**
option strictorder '1'
option allservers '1'
list server '127.0.0.1#5053'
#list server '127.0.0.1#5353'
list server '2606:4700:4700::1111'
list server '/pool.ntp.org/1.0.0.1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '350'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
#list dhcp_option '6,119.29.29.29,208.67.222.222,1.0.0.1,8.8.8.8,9.9.9.9'
list dns '2606:4700:4700::1111'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.