[Solved] Site to site connection: dns-rebind-attack

I'm trying to make DNS work over a site-to-site VPN connection between two OpenWrt routers.
Adding an entry under DHCP and DNS > Forwards for the other site doesn't seem to work.
I put /*.intern.domain.de/<IP address of the DNS server of the other site> as an entry in Forwards.
But I still can't resolve names of the other site. What worked was putting the names manually as name/IP combinations in General > Addresses.
In logread I found some entries for host.intern.domain.de flagged as dns-rebind-attack.
I just want to resolve host.intern.domain.de to its local IP address.
Any ideas what I'm doing wrong?
Regards
Armin

Disable DNS Rebind Protection under the DNS/DHCP settings.

Isn't that dangerous?

You can selectively disable rebind protection for that domain:
LuCI DNS-DHCP > Filter > Domain Whitelist: set the name of the domain of the other side

/etc/config/dhcp:

config dnsmasq
	list rebind_domain 'home'

You can selectively implement it as @egc noted if you're concerned. Since you have a known hostname providing a private IP as a response, that shouldn't be a concern.

Optionally, you could make a hostname entry on the appropriate DNS resolver instead.

To add, you might also need to disable "local service only" on the site you are querying.
Otherwise dnsmasq will not answer.

Disable Local Service only (dnsmasq: --local-service):
LuCI DNS-DHCP > Filter > Local service only: untick/disable

config dnsmasq
	option localservice '0'
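The two changes from the replies above, the per-domain rebind whitelist plus the forward on the querying router and the local-service change on the answering router, applied with uci. This is an added example, not code posted in the thread. It assumes the other site's dnsmasq listens on 10.0.2.1 (the thread never gives the address), that the remote zone is intern.domain.de, and that dnsmasq is configured in the first "config dnsmasq" section of /etc/config/dhcp (dhcp.@dnsmasq[0]). The rebind_hosts helper and the sample log line are constructed here; the line follows dnsmasq's actual "possible DNS-rebind attack detected:" warning text.

```shell
#!/bin/sh
# Added example (not from the thread): configure split DNS across a site-to-site
# VPN on two OpenWrt routers with uci.
# Assumptions not stated in the thread: remote resolver 10.0.2.1, remote zone
# intern.domain.de, dnsmasq in section dhcp.@dnsmasq[0].

REMOTE_ZONE="${REMOTE_ZONE:-intern.domain.de}"
REMOTE_DNS="${REMOTE_DNS:-10.0.2.1}"   # assumed address of the other site's dnsmasq
DRY_RUN="${DRY_RUN:-0}"                # DRY_RUN=1 prints the commands instead of running them

# Execute a command, or print it when DRY_RUN=1 so the plan can be reviewed first.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Querying site: forward the remote zone to the remote resolver and exempt only
# that zone from rebind protection instead of switching protection off globally.
# dnsmasq's server= syntax takes the bare zone ("/intern.domain.de/10.0.2.1") and
# already matches every host below it, so no "*." prefix is needed.
# del_list before add_list keeps re-runs from duplicating list entries; -q hides
# "Entry not found" on the first run.
configure_querying_site() {
    run uci -q del_list "dhcp.@dnsmasq[0].server=/$REMOTE_ZONE/$REMOTE_DNS" || true
    run uci add_list "dhcp.@dnsmasq[0].server=/$REMOTE_ZONE/$REMOTE_DNS"
    run uci -q del_list "dhcp.@dnsmasq[0].rebind_domain=$REMOTE_ZONE" || true
    run uci add_list "dhcp.@dnsmasq[0].rebind_domain=$REMOTE_ZONE"
    run uci commit dhcp
    run /etc/init.d/dnsmasq restart
}

# Answering site: --local-service makes dnsmasq reply only to directly attached
# subnets, so queries from the VPN peer are ignored. With it off, dnsmasq answers
# on every interface it listens on, so keep the firewall rejecting DNS from wan.
configure_answering_site() {
    run uci set "dhcp.@dnsmasq[0].localservice=0"
    run uci commit dhcp
    run /etc/init.d/dnsmasq restart
}

# Extract the names dnsmasq refused from logread output, so the whitelist is
# built from what was actually flagged:   logread | rebind_hosts
rebind_hosts() {
    sed -n 's/.*possible DNS-rebind attack detected: \([^ ]*\).*/\1/p' | sort -u
}

# Constructed sample log line in dnsmasq's warning format, for offline use.
SAMPLE_LOG='Mon Jan  1 00:00:00 2024 daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: host.intern.domain.de'
```

Run configure_querying_site on the router that asks and configure_answering_site on the router that owns intern.domain.de; with DRY_RUN=1 the uci commands are only printed. Afterwards, on the querying router, `nslookup host.intern.domain.de 127.0.0.1` should return the private address and `logread | grep rebind` should stay quiet for that zone; anything still flagged shows up in `logread | rebind_hosts` and can be added to rebind_domain in the same way.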

Thanks a lot, even with the tomatoes on my eyes.
Should have seen that myself.


If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
