Connected to my main router to look at something else and looked at the log and this was immediately obvious as bottom 2 entries after the Luci log in. Can someone tell me what this means please -
Thu Oct 9 21:42:43 2025 daemon.err uhttpd[2007]: [info] luci: accepted login on / for root from 192.168.1.140
Thu Oct 9 21:43:15 2025 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: dev1.nfront.me
Thu Oct 9 21:43:15 2025 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: dev1.nfront.me
I also had 4 such entries from last night at a similar time?
Secondly whenever I sign into Luci it says “daemon.err” - does that mean an error or short for something else.If an error any idea what as it is not stopping me from accessing Luci?
Apologies if it is covered in a wiki somewhere but I didn’t find it.
10.xxx.xxx.xxx are private IPs. In general practice, public DNS servers shouldn't provide A records with private addresses. This is called DNS Rebinding.
Domain is ran by South Korean naver internet company if that rings the bell. Probably it is some kind of network condition measurement. dnsmasq acts up correctly.
They have a public dns record pointing to private IP address. That could happen eg. if you are in South Korea and they run some server inside your home providers infrastructure. If you are not in that position just disregard the message and move along.
I guess you're saying you still don't understand the 3 lines???
You successfully logged into the web GUI
I explained above already. These are 2 DNS queries. The reply A record sent as an answer is a private IP address. This is called "DNS Rebind", and OpenWrt blocks DNS Rebind by default for security purposes.
I provided more information following that sentence, but glad you found a Palo Alto guide.
Very simply, you don't want public DNS servers providing you replies that contain internal IPs addresses that are not accessible from the public Internet. In most cases, that's a security concern.