OPNsense Forum

English Forums => General Discussion => Topic started by: giovanit on September 03, 2019, 02:45:32 pm

Title: [SOLVED] A potential DNS Rebind attack has been detected
Post by: giovanit on September 03, 2019, 02:45:32 pm
Hello people.

I created a port forwarding NAT for an internal server to access port 80. Access is via a DNS address example.test.com.
When I access it from outside my local network it works perfectly, but when I access the same DNS the following message is displayed:
A potential DNS Rebind attack has been detected.
Try to access the router by IP address instead of by hostname.

I tried numerous NAT settings and also looked for some solutions on Google; none worked. Can someone help me?
Title: Re: [SOLVED] A potential DNS Rebind attack has been detected
Post by: Northguy on September 03, 2019, 04:01:28 pm
Just wondering: you mark this issue solved, but don't add the solution. For my curiosity and future readers' reference: what was the solution?
Title: Re: [SOLVED] A potential DNS Rebind attack has been detected
Post by: giovanit on September 04, 2019, 01:36:53 pm
Firewall -> Settings -> Advanced
Enable:
- Reflection for port forwarding
- 1:1 reflection
- Automatic outbound NAT for reflection NAT

Firewall -> NAT -> Port Forwarding
WAN    TCP    *    *    WAN address    80 (HTTP)    192.168.1.50    80 (HTTP)    Name
Title: Re: [SOLVED] A potential DNS Rebind attack has been detected
Post by: vicentedeandrade on December 28, 2020, 02:57:24 pm
Hi,

I solved this only making a change in:

System / Settings / Administration
 - Alternate Hostname: my.host.on.ddns.service

Thanks!
Title: Re: [SOLVED] A potential DNS Rebind attack has been detected
Post by: gmiserk on November 15, 2021, 10:50:35 am
Hi,

Can you say which info I need to introduce in "alternative hostname"?
Is my.host.on.ddns.service your OPNsense hostname?
Title: Re: [SOLVED] A potential DNS Rebind attack has been detected
Post by: nferocious76 on January 06, 2024, 04:26:03 am
I also just bumped into the same issue. Some of my redirects work, but when the redirect is a path to the firewall itself I get this same warning. I don't want to turn off rebinding as it seems it will be bypassing my DNS rebinding for all requests. Any more updates or answers here?
Title: Re: [SOLVED] A potential DNS Rebind attack has been detected
Post by: conan on January 26, 2024, 04:35:42 pm
The following explanation from the official docs is pretty detailed about this situation and the possible fix.

https://docs.opnsense.org/manual/how-tos/nat_reflection.html

Follow the instructions and choose your situation to create the correct port forward rule for NAT reflection.
Additionally, for me it was necessary to also create a NAT outbound rule, because I had my service in a separate DMZ.

Okay, I thought it worked, but it seems I am too dumb to do the right NAT rules. If someone has the right config, I would appreciate the shared rules.
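
Added example, not part of any post in this thread and not OPNsense's own code: a simplified model of the kind of Host-header allowlist check that produces this warning, showing why the "Alternate Hostname" setting clears it for one name while every other unknown name is still rejected. The check logic, function names and all sample values (fw, lan.example, the IP addresses, other.example) are assumptions made for illustration.

```python
import ipaddress

def normalize_host(host_header: str) -> str:
    """Lowercase the Host header value and strip an optional port."""
    host = host_header.strip().lower()
    if host.startswith("["):              # bracketed IPv6 literal, e.g. [fd00::1]:443
        return host[1:].split("]")[0]
    if host.count(":") == 1:              # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")               # tolerate a trailing dot on an FQDN

def rebind_check(host_header, hostname, domain, alt_hostnames=(), interface_ips=()):
    """Return True if the GUI would serve the request, False if it would show the warning."""
    host = normalize_host(host_header)
    allowed = {"localhost", hostname.lower(), f"{hostname}.{domain}".lower()}
    allowed.update(name.lower() for name in alt_hostnames)
    if host in allowed:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                      # unknown name: treated as a possible rebind
    return addr in {ipaddress.ip_address(ip) for ip in interface_ips}

# Constructed firewall identity (assumption, not taken from the thread).
FIREWALL = dict(hostname="fw", domain="lan.example",
                interface_ips=["192.168.1.1", "203.0.113.10"])

def demo():
    """Evaluate the same Host headers without and with the alternate hostname set."""
    cases = ["192.168.1.1", "fw.lan.example:443", "example.test.com", "other.example"]
    before = {h: rebind_check(h, **FIREWALL) for h in cases}
    after = {h: rebind_check(h, alt_hostnames=["example.test.com"], **FIREWALL)
             for h in cases}
    return before, after

if __name__ == "__main__":
    for label, result in zip(("no alternate hostname", "with alternate hostname"), demo()):
        print(label, result)
```

With working NAT reflection the request for the forwarded port goes to the internal server and never reaches a check like this; the alternate hostname only matters when the firewall GUI itself is meant to answer under that name.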