1

DNSMASQ rebind attacks, ASUS routers

This has probably been mentioned on here before but when NextDNS IP addresses are setup as WAN DNS servers on an ASUS router and DNS TLS is enabled etc and adblocking occurs via filters through NextDNS dashboard there are system logs on the router showing rebind attacks from examples scribe.roku.com, cooper.logs. etc roku devices or some others as well. Options of DNS rebinding protection is enabled at NextDNS and also on router, but still dnsmasq on the router is seeing these false dns replies. One option is to turn off DNS rebind protection at the router level since nextdns is used, but it should be that these domains are properly dropped before they even reply back to router and private ip devices? I would think dnsmasq on these routers would have ability to add 0.0.0.0 or perhaps at the DNS level of NextDNS service? When I use adguard or another provider I do not get these false rebind system logs?

1 reply

null
    • MrRogers
    • 9 days ago
    • Reported - view

    Well it seems routers dnsmasq doesn’t like the 0.0.0.0 kickbacks sent by next dns. Resolved issue by turning on the Enable Block Page option in NextDNS dashboard “turns off 0.0.0.0”. So if anyone else has issue like this, try that. Else you flash router and ruin your warranty and use dnsmasq rule to drop false rebind messages. 

Login to reply

Content aside

  • 1 Likes
  • 9 days agoLast active
  • 1Replies
  • 87Views
  • 1 Following