OpenWrt Forum Archive

Topic: Rebind protection security

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have an Active Directory server on the network (ad.example.com). It is not accessible from the WAN. Looking at the router log, I see frequent messages:

daemon.warn dnsmasq[2194]: possible DNS-rebind attack detected: ad.example.com

My /etc/config/dhcp is "out of the box":

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'

From what I understand from reading the wiki, I should be able to disable rebind_protection. Are there any security concerns that I should be aware of? It's a small network, and I am not concerned about an attacker "from inside"; so if it doesn't open me to attack from outside, I'd rather not see those warnings.

I am running Attitude Adjustment r33276, if it makes a difference.

Any advice? Thanks

(Last edited by ymhee_bcex on 12 Sep 2012, 16:45)

You can declare a whitelist.

list rebind_domain 'ad.example.com'
list rebind_domain 'dns.acme.org'
...
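
Added example, not part of the original thread: a shell function that counts the names triggering the rebind warning and marks which ones a given rebind_domain whitelist would cover, so that only the expected internal domains end up exempted. It assumes the log format quoted in the first post and that a whitelisted domain also covers its subdomains; rebind_summary and sample_log are hypothetical names, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise dnsmasq rebind warnings read from stdin.
# Arguments are the domains listed (or about to be listed) as rebind_domain.
# Prints "<count> <name> <whitelisted|REVIEW>", sorted by name.
rebind_summary() {
    awk -v allow="$*" '
    BEGIN {
        n = split(tolower(allow), a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # True when name equals a listed domain or is a subdomain of one.
    # Matching on label boundaries is an assumption of this example.
    function listed(name,   d, len) {
        for (d in ok) {
            if (name == d) return 1
            len = length(d) + 1
            if (length(name) > len &&
                substr(name, length(name) - len + 1) == "." d) return 1
        }
        return 0
    }
    /possible DNS-rebind attack detected: / {
        name = tolower($NF)
        sub(/\.$/, "", name)    # drop a trailing root dot
        hits[name]++
    }
    END {
        for (name in hits)
            printf "%d %s %s\n", hits[name], name,
                   (listed(name) ? "whitelisted" : "REVIEW")
    }' | sort -k2
}

# Constructed sample lines in the format quoted in the thread.
sample_log() {
    cat <<'EOF'
daemon.warn dnsmasq[2194]: possible DNS-rebind attack detected: ad.example.com
daemon.warn dnsmasq[2194]: possible DNS-rebind attack detected: dc1.ad.example.com
daemon.warn dnsmasq[2194]: possible DNS-rebind attack detected: ad.example.com
daemon.warn dnsmasq[2194]: possible DNS-rebind attack detected: notad.example.com.
daemon.info dnsmasq[2194]: read /etc/hosts - 2 addresses
EOF
}

sample_log | rebind_summary ad.example.com
```

On the router, `logread | rebind_summary ad.example.com` produces the same report from the live log; any name still marked REVIEW is one the whitelist does not cover.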
